(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 

International Bureau 

(43) International Publication Date 
16 January 2003 (16.01.2003) 






PCT 



(10) International Publication Number 

wo 03/005145 A2 



(51) International Patent Classification^: G06F 

(21) International Application Number: PCT/IB02/02591 

(22) International Filing Date: 3 July 2002 (03.07.2002) 

(25) Filing Language: English 

(26) Publication Language: English 

(30) Priority Data: 

60/303,157 6 July 2001 (06.07.2001) US 

1 0/095 ,062 12 March 2002 ( 1 2.03 .2002) US 

(71) Applicants (for all designated States except US): NOKIA 
CORPORATION [FLTI]; Keilalahdentie 4, FIN-02150 
Espoo (FI). NOKIA INC. [US/US]; 6000 Connection 
Drive, Irving, TX 75039 (US). 

(72) Inventors; and 

(75) Inventors/Applicants (for US only): KONTIO, Markku 
[FT/FT]; Makkylanmutka 4D, FIN-02600 Espoo (FI). SIP- 
PONEN, Juha [FI/FI]; Katajaharj untie 7-9 27, FIN-00200 



Helsinki (FI). YLITALO, Tapio [FT/FI]; Bertel Jungin 
aukio 4 B22, FIN-02600 Espoo (FI). HURST, Leon 
[lE/FI]; Punavuorenkatu 23 H 171, FTN-00150 Helsinki 
(H). HONGLANG, Zhang [US/US]; 35 Peterson Road, 
North Andover, MD 01845 (US). GUSTAFSSON, Patrik 
[FI/US]; 981 Marquette Lane, Foster City, CA 94404 
(US). DURAND, Julian [CA/US]; 151 Caleron Ave, 
#242, Mountain View, CA 94041 (US). ASOKAN, 
Nadarajah [CA/FI]; Ankkurinvarsi 6 K, FTN-02320 
Espoo (FT). EKBERG, Jan-Erik [FWI]; Seljatie 1 A 5, 
FIN-00320 Espoo (FI). STENMAN, Jorma [FI/FI]; Myl- 
larintanhua 6 H 27, FIN-00920 Helsinki (FI). TEINILA, 
Jaakko [FT/FI]; Keskiyotie 20 A, FIN-00210 Espoo (FT). 
LAHTEENMAKI, Mika [IWI]; Paavo Kolinkatu 1 A 
1, FIN-33720 Tampere (FI). ALVE, Jukka [FT/FI]; Ida 
Aalbergintie 3 A I 14, FTN-00400 Helsinki (FT). KUMAR, 
Ashwini [IN/US]; 111 Locust Street #41, Wobum, MA 
01801 (US). 

(74) Agent: WASZKIEWICZ, Ken; c/o Morgan & Finnegan, 
LLP, 345 Park Avenue, New York, NY 10154 (US). 

(81) Designated States (national) : AE, AG, AL, AM, AT, AU, 
AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CO, CR, CU, 

[Continued on next page] 




(54) Title: DIGITAL RIGHTS MANAGEMENT IN A MOBILE COMMUNICATIONS ENVIRONMENT 



110 

RETAIL CONTENT SERVICE 



< 



o 

o 
O 




100 

DISTRIBUTING 
TERMINAL 



135 
CONTENT 
PACKAGE 



135 
CONTENT 
PACKAGE 







135 

CONTENT 
PACKAGE 







135 
CONTENT 
PACKAGE 



135 

CQNTENTPACKAGE 



136 
CONTENT 
OBJECT 



137 
VOUCHER 
OBJECT 



140 
RECEIVING 
TERMINAL 

(57) Abstract: The invention provides a method, system, and computer program product to control the access, copying, and/or 
transfer of a digital asset by mobile, wireless devices using a digital voucher. The digital voucher references a primary content that 
contains all of the expression for that particular asset and a secondary content that contains information that can be distilled out as 
a preview- The information in the primary content can be limited to a specified duration or a specific number of viewings. The 
author, owner, or possessor of the digital asset specifies the terms and conditions for distribution of the digital asset. The digital 
voucher authorizes the mobile, wireless device to access a specified primary or secondary content that may be located elsewhere in 
the network- The mobile, wireless device can download a copy of portions or all of the content depending on the terms specified in 
the voucher- 
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DIGITAL RIGHTS MANAGEMENT 
IN A MOBILE COMMUNICATIONS ENVIRONMENT 

CROSS-REFERENCE TO A RELATED APPLICATION 

5 This application for letters patent clairns priority to and incorporates by reference 

the provisional application for letters patent serial number 60/303,157 titled "A Method, 
System, and Computer Program Product for Controlling the Distribution of a Digital 
Asset in a Mobile Environment" and filed in the United States Patent and Trademark 
Office on July 6, 2001. This application for letters patent is a continuation of and 

10 incorporates by reference utility application for letters patent serial number 10/095,062 
titled "Digital Rights Management in a Mobile Communications Environment" and filed 
in the United States Patent and Trademark Office on March 12, 2002. This application 
for letters patent is related to and incorporates by reference provisional apphcation for 
letters patent serial number 60/303,686 titled "Smart Content Object" and filed in the 

1 5 United States Patent and Trademark Office on July 6, 2001 . 
FIELD OF THE INVENTION 

A method, system, and computer program product are disclosed for controlling 
the distribution of digital assets in communications networks. In particular, the method, 
system, and computer program product manages the hfecycle of a digital asset and the 

20 property rights held by the creator and owner of the digital asset in a mobile, wireless 
environment. 

BACKGROUND OF THE INVENTION 

Digital technology dramatically impacts the creation, distribution, sale, marketing, 
and consumption of copyrighted digital content. Recent developments indicate that 
25 producers of digital content are under pressure and have a desire to profit from these new 
developments and reduce their vuhierability to the risk. The risks are more obvious to 
content producers than the potential benefits of the new technologies. 

Copyright protection systems of the pre-digital age consisted of legal mechanisms 
to prosecute individuals and groups that ran large-scale illegal reproduction facilities for 
30 profit. Since intellectual property pirates in the pre-digital age needed physical assets to 
reproduce the physical media of the books, music, or video, they were subject to 
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traditional law enforcement techniques. The added complications imposed by 
distribution of these contraband copies made these pirates even more vulnerable to 
detection. From the consumer's perspective, the illegal copies produced by these pirates 
were less interesting because quality suffered and the copies were not always promptly 
5 available as legitimate copies. 

The digital age introduced new risks because flawless copies are now infinitely 
reproducible and may be transmitted instantly anywhere in the world. There has been a 
shift from a paradigm where a large number of individuals made a few copies to one 
where relatively few individuals can make many copies. 

10 When cassette tapes were first introduced, record companies had similar concerns 

as demonstrated by the record jackets printed in the early 1980s including the slogan 
"Home Taping Is Killing Music". Eventually this lead to cassette tape maLiufacturers 
paying mandatory licensing fees to the holder of the property rights to the work. 

Content producers are rightfully concemed with this new capacity to cheat them 

15 of a fair return on their intellectual property and, therefore, have been reluctant to take 
advantage of digital commerce opportunities. Yet digital conunerce offers the potential 
to increase eamings while cutting the high overhead costs of production, distribution, 
warehousing their goods while presenting new business opportunities. It is believed that 
if content producers were sufficiently confident in their ability to protect their assets in 

20 digital form, they would gladly take part in such a system. 

Legal and regulatory means exist to protect digital content, however a deterrent is 
necessary to make the illegal copying and distribution of copyrighted content difficult and 
traceable. For this reason, the deployment of a trusted end-to-end solution for the 
management of digital rights is a necessary precursor to digital production, dissemination 

25 and consumption of copyrighted content. 

Digital Rights Management (DRM) involves the description, layering, analysis, 
valuation, trading, and monitoring of an owner's property rights to an asset. DRM covers 
the management of the digital rights to the physical manifestation of a work (e.g., a 
textbook) or the digital manifestation of a work (e.g., a Web page). DRM also covers the 

30 management of an asset whether the asset has a tangible or an intangible value. Current 
DRM technologies include languages for describing the terms and conditions for an asset. 
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tracking asset usage by enforcing controlled environments or encoded asset 
manifestations, and closed architectures for the overall management of the digital rights. 

The Open Digital Rights Language (ODRL) provides the semantics for 
implementing a DRM architecture in an open or trusted computing environment. ODRL 
5 defines a standard vocabulary for expressing the terms and conditions over an asset. 
ODRL covers a core set of semantics for these purposes including the identification of the 
property rights to the work and the expression of permissible uses for manifestations of a 
protected asset. Rights can be specified for a specific asset manifestation or format or 
could be applied to a range of manifestations of the asset. ODRL does not enforce or 

10 mandate any policy for DRM, but provides the mechanisms to express such a policy. 
ODRL does not, however, assume the existence of mechanisms to achieve a secure 
architecture. ODRL complements existing rights management standards by providing 
digital equivalents and supports an expandable range of new services that can be afforded 
by the digital nature of the assets in the Web environment. In the physical environment, 

15 ODRL can be used to enable machine-based processing for DRM. The web site 
"http://odrl.net" contains electronic ODRL resources including the ODRL Specification 
Format version 1.0, ODRL Expression Language version 1.0, and ODRL Data Dictionary 
version 1.0. 

The Extensible Markup Language (XML) is a standard for exchanging data and 
20 metadata electronically. Metadata is data that describes data. For example, the term 
^'author" is metadata that describes the data *WiUiam Shakespeare". XML is an 
outgrowth of the Standard Generalized Markup Language (SGML) that allows the author 
of an XML document to separate the logical content of the document from the 
presentation of the content. An author of an XML document adds metadata to a 
25 document as hypertext transfer protocol (HTTP) tags in the document. A document type 
definitions (DTD) file is the mechanism that adds shared content to the XML document. 
The web site "http://www.w3.org/XML/1999/XML-in-10-points" provides an overview 
of XML. 

Extensible Rights Markup Language (XrML) is an XML conforming language 
30 definition that specifies rights, fees, and conditions for using digital content. XrML also 
describes message integrity and entity authentication rules. XrML supports commerce in 
digital content such as publishing and selling electronic books, digital movies, digital 
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music, interactive games, and computer software. In addition, XrML supports the 
specification of access and use controls for secure digital documents in cases where 
financial exchange is not part of the terms of use. The web site 
"http://www.xrml.org/faq.asp" provides an overview of XrML. 
5 DigitEil commmiications networks can be categorized in terms of their geographic 

coverage, their transmission media, their protocols, their transmission speeds, the types of 
equipment that they interconnect, and other criteria. An example of geographic coverage 
categories includes wide area networks (WANs), metropolitan area networks (MANs), 
local area networks (LANs), and personal area networks (PANs). An example of 

10 transmission media categories includes fixed station wireliue networks, mobile wireless 
networks, and hybrid combinations of fixed station wireline networks communicating 
through wireless access points with wireless networks. There are many digital wireless, 
wide area network architectures. Most of them are connected to the public switched 
telephone network (PSTN) to provide access to wireline telephones and digital 

15 computers. A short list includes Global System for Mobile Communication (GSM), IS- 
136 TDMA-based Digital Advanced Mobile Phone Service (DAMPS), Personal Digital 
Cellular (PDC), IS-95 CDMA-based cdmaOne System, General Packet Radio Service 
(GPRS) and broadband wireless systems such as W-CDMA, and Broadband GPRS. For 
more information on these digital wireless, wide area network architectures, see the book 

20 by Yi-Bing Lin, et al. entitled Wireless and Mobile Network Architectures, John Wiley & 
Sons, 2001. 

Wide area networks can include communications satellite links that interconnect 
nation-wide digital networks located on different continents. Nation-wide digital 
networks typically include backbone networks, regional distribution hubs, and routers, 

25 which interconnect access subnetworks serving local routers, servers, and service 
providers. The Internet is a familiar example of a wide area network. For more 
information on the Internet as a wide area network, see the book by Daniel Minoli, et al. 
entitled Intemet Architectures. John Wiley & Sons, 1999. 

At the other end of the range for geographic coverage are short-range wireless 

30 systems. Short-range wireless systems have a typical range of one hundred meters or less. 
They often combine with systems wired to the Intemet to provide communication over 
long distances. The category of short-range wireless systems include both a wireless 
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personal area network (PAN) and a wireless local area network (LAN). Both of these 
networks have the common feature of operating in unlicensed portions of the radio 
spectrum, usually either in the 2.4 GHz Industrial, Scientific, and Medical (ISM) band or 
the 5 GHz Unlicensed-National Information Infrastructure (U-NII) band. Wireless 
5 personal area networks use low cost, low power wireless devices that have a typical range 
of ten meters. The best-known example of wireless personal area network technology is 
the Bluetooth Standard, which operates in the 2.4 GHz ISM band. It provides a peak air 
link speed of one Mbps and a power consumption low enough for use in personal, 
portable electronics such as PDAs and mobile phones. Wireless local area networks 

10 generally operate at higher peak speeds of from 10 to 100 Mbps and have a longer range, 
which requires greater power consumption. Wireless local area networks are typically 
used as wireless links from portable laptop computers to a wired LAN, via an access point 
(AP). Examples of wireless local area network technology include the IEEE 802.11 
Wireless LAN Standard and the HIPERLAN Standard, which operates in the 5 GHz U- 

15 Nil band. For more information on wireless LANs, see the book by Jim Geier entitled 
Wireless LANs. Macmillan Technical Publishing, 1999. 

An ad hoc network is a short range wireless system composed primarily of mobile 
wireless devices, which associate together for a relatively short time to carry out a 
common purpose. A temporary network such as this is called a ^'piconet" in the 

20 Bluetooth Standard, an "independent basic service set" (IBSS) in the IEEE 802.11 
Wireless LAN Standard, a "subnet" in the HIPERLAN Standard, and generally a radio 
cell or a "micro-cell" in other wireless LAN technologies. Ad hoc networks have the 
common property of being an arbitrary collection of wireless devices, which are 
physically close enough to be able to commumcate and which are exchanging information 

25 on a regular basis. The networks can be constructed quickly and without much planning. 
Members of the ad hoc network join and leave as they move into and out of the range of 
each other. Most ad hoc networks operate over xmlicensed radio frequencies at speeds of 
from one to fifty-four Mbps using carrier sense protocols to share the radio spectrum. 
The distance over which they can communicate ranges from ten meters for Bluetooth 

30 piconets to over one himdred meters for wireless LAN micro-cells in an open 
environment. Ad hoc networks consist primarily of mobile wireless devices, but can also 
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include one or more access points, which are stationary wireless devices operating as a 
stand-alone server or connected as gateways to other networks. 

Bluetooth is a short-range radio network, originally intended as a cable 
replacement. It can be used to create ad hoc networks of up to eight devices operating 
5 together. The Bluetooth Special Interest Group, "Specification Of The Bluetooth 
System", Version l.OB, Volumes 1 and 2, December 1999, describes the principles of 
Bluetooth device operation and communication protocols. The devices operate ia the 2.4 
GHz radio band reserved for general use by Industrial, Scientific, and Medical (ISM) 
applications. Bluetooth devices are designed to find other Bluetooth devices within their 

10 ten-meter radio communications range and to discover what services they offer, using a 
service discovery protocol (SDP). The SDP searching function relies on links being 
established between the requesting Bluetooth device in a cUent role and the responding 
Bluetooth device in a server role. Once a link has been established, it can be used to find 
out about services in the responding Bluetooth device and how to connect to them. 

15 A connection between two Bluetooth devices is initiated by an inquiring device 

sending out an inquiry message searching for other devices in its vicinity. Any other 
Bluetooth device that is listening by means of conducting an inquiry scan, will recognize 
the inquiry message and respond. The inquiry response is a message packet containing 
the responding device's Bluetooth Device Address (BD_ADDR). A Bluetooth device 

20 address is a unique, 48-bit IEEE address that is electronically engraved into each 
Bluetooth device. 

The inquiring device uses the information provided in the inquiry response packet, 
to prepare and send a paging message to the responding device. To establish a 
connection, the inquiring device must enter the page state. In the page state, the inquiring 

25 device will transmit initial paging messages to the responding device using the access 
code and timing information acquired from the inquiry response packet. The responding 
device must be in the page scan state to allow the inquiring device to connect with it. 
Once in the page scan state, the responding device will acknowledge the initial paging 
messages and the inquiring device will send a paging packet that provides the clock 

30 timing and access code of the inquiring device to the responding device. The responding 
device responds with a page acknowledgment packet. This enables the two devices to 
form a connection and both devices transition into the connection state. The inquiring 
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device that has initiated the connection assumes the role of a master device and the 
responding device assumes the role of a slave device in a new ad hoc network piconet. 

Each piconet has one master device and up to seven slave devices. All 
communication is directed between the master device and each respective slave device, 
5 The master initiates an exchange of data and the slave responds to the master. When two 
slave devices are to communicate with each other, they must do so through the master 
device. The master device maintains the piconet's network clock aad controls when each 
slave device can communicate with the master device. Members of the ad hoc network 
piconet join and leave as they move into and out of the range of the master device. A 

10 piconet supports distributed activities, such as collaborative work projects, collaborative 
games, multi-user gateways to the Internet, and the like. A user's device that joins a 
particular piconet does so to enable its user to participate in the currently running 
collaborative activity. 

A Bluetooth-enabled laptop computer can send information to a Bluetooth- 

15 enabled printer in the next room. A Bluetooth-enabled microwave oven can send a 
message to a Bluetooth-enabled mobile phone announcing that the meal is ready. 
Bluetooth will become the standard in mobile phones, PCs, laptops and other electronic 
devices, enabling users to share information, synchronize data, access the Intemet, 
integrate with LANs or actuate electro-mechanical devices, such as unlocking a car. A 

20 passenger can use a laptop or handheld computer to compose an electronic mail message 
while flying in an airplane and then, after landing, the messages can be automatically 
forwarded to the Intemet by Bluetooth devices that are ubiquitously located around the 
airport terminal. In another example, while waiting in an airport lounge, the passenger 
can receive interesting duty-free offers directly on the laptop or handheld computer or 

25 play multi-player games with fiiends. 

The IEEE 802.11 Wireless LAN Standard defines at least two different physical 
(PHY) specifications and one common medium access control (MAC) specification. The 
IEEE 802.11(a) Standard is designed for either the 2.4 GHz ISM band or tlie 5 GHz U- 
NII band, and uses orthogonal frequency division multiplexing (OFDM) to deUver up to 

30 54 Mbps data rates. The IEEE 802. 1 1 (b) Standard is designed for the 2.4 GHz ISM band 
and uses direct sequence spread spectrum (DSSS) to deliver up to 11 Mbps data rates. 
The IEEE 802.11 Wireless LAN Standard describes two major components, the mobile 
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Station and the fixed access point (AP). ffiEE 802.11 ad hoc networks have an 
independent configuration where the mobile stations conmiunicate directly with one 
another, without support from a fixed access point. The IEEE 802.11 standard provides 
wireless devices with service inqmry features similar to the Bluetooth inquiry and 
5 scanning features. IEEE 802.11 ad hoc networks support distributed activities similar 
those of a Bluetooth piconet, except that they have ten times the communications range. 

In order for an IEEE 802.11 mobile station to communicate with other mobile 
stations in an ad hoc network, it must first find the stations. The process of finding 
another station is by inquiring. Active inquiry requires the mquiring station to transmit 
10 queries and invoke responses from other wireless stations in an ad hoc network. In an 
active inquiry, the mobile station will transmit a probe request ficame. If there is an ad 
hoc network on the same channel that matches the service set identity (SSID) in the probe 
request fi-ame, a station in that ad hoc network will respond by sending a probe response 
frame to the inquiring station. The probe response includes the information necessary for 
15 the inquiring station to access a description of the ad hoc network. The inquiring station 
will also process any other received probe response and Beacon frames. Once the 
inquiring station has processed any responses, or has decided there will be no responses, 
it may change to another channel and repeat the process. At the conclusion of the inquiry, 
the station has accumulated mformation about the ad hoc networks in its vicinity. Once a 
20 station has performed an inquuy that results m one or more ad hoc network descriptions, 
the station may choose to jom one of the ad hoc networks. The IEEE 802.1 1 Wireless 
LAN Standard is published m three parts as "IEEE 802.11-1999", "IEEE 802.1 la-1999", 
and "IEEE 802.1 lb-1999". All three of these pubhcations are available from the IEEE, 
Inc. web site at http://grouper.ieee.Org/groups/802/l 1. 
25 The HIPERLAN standard provides a wireless LAN with a high data rate of up to 

54 Mbps and a medium-range of 50 meters. HIPERLAN wireless LANs provide 
multimedia distribution with video quaUty of service (QoS), reserved spectrum, and good 
in-buildhig propagation. There are two HIPERLAN standards. HIPERLAN Type 1 is a 
dynamic, priority driven channel access protocol similar to wireless Ethernet. 
30 HIPERLAN Type 2 is a reserved channel access protocol similar to a wireless version of 
asynchronous transfer mode (ATM). Both HIPERLAN Type 1 and HIPERLAN Type 2 
use dedicated spectrmn at 5 GHz. HIPERLAN Type 1 uses an advanced channel 
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equalizer to deal with intersymbol interference and signal multipath. HIPERLAN Type 2 
avoids these interference problems by using orthogonal frequency division multiplex 
(OFDM) and a jfrequency transform function. The HIPERLAN Type 2 specification 
offers options for bit rates of 6, 16, 36, and 54 Mbps. The physical layer adopts ati 
5 OFDM multiple carrier scheme using 48 carrier jfrequencies per OFDM symbol. Each 
carrier may then be modulated using binary phase shift keying (BPSK), quadrature phase 
shift keying (QPSK), or quadrature amplitude modulation (QAM) formats of 16-QAM or 
64-QAM to provide different data rates. The modulation schemes chosen for the higher 
bit rates achieve throughput in the range 30-50 Mbps. 

10 The HIPERLAN Type 1 is a dyn^nic, priority driven channel access protocol that 

can form ad hoc networks of wireless devices. HIPERLAN Type 1 ad hoc networks 
support distributed activities similar those of the Bluetooth piconets and IEEE 802. 1 1 
independent basic service sets (IBSS). The HIPERLAN Type 1 standard provides 
wireless devices with service inquiry features similar to those of the Bluetooth inquiry 

15 and scanning features and the IEEE 802.11 probe request and response features. An 
overview of the HIPERLAN Type 1 principles of operation is provided in the publication 
"HIPERLAN Type 1 Standard", ETSI ETS 300 652, WA2 December 1997. 

HIPERLAN Type 2 is a reserved channel access protocol that forms ad hoc 
networks. HIPERLAN Type 2 ad hoc networks support distributed activities similar to 

20 those of the HIPERLAN Type 1 ad hoc networks, Bluetooth piconets and IEEE 802.11 
independent basic service sets (IBSS). HIPERLAN Type 2 provides high speed radio 
communication with typical data rates from 6 MHz to 54 Mbps. It connects portable 
devices with broadband networks that are based on IP, ATM and other technologies. 
Centralized mode is used to operate HIPERLAN Type 2 as an access network via a fixed 

25 access point, hi addition a capability for direct link communication is provided. This 
mode is used to operate HIPERLAN Type 2 as an ad hoc network without relying on a 
cellular network infrastructure. In this case a central controller (CC), which is 
dynamically selected among the portable devices, provides the same level of QoS support 
as the fixed access point. Restricted user mobility is supported within the local service 

30 area. Wide area roaming mobility can also be supported. An overview of the 
HIPERLAN Type 2 principles of operation is provided in the Broadband Radio Access 
Networks (BRAN), 'TIIPERLAN Type 2; System Overview", ETSI TR 101 683 VI.Ll 
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(2000-02) and a more detailed specification of its ad hoc network architecture is 
described in "HIPERLAN Type 2, Data Link Control (DLC) Layer; Part 4. Extension for 
Home Environment", ETSI TS 101 761-4 Vl.2.1 (2000-12). 

Other wireless standards support ad hoc networks. Examples include the IEEE 
5 802.15 Wireless Personal Area Network (WPAN) standard, the Infrared Data Association 
(LrDA) standard, the Digital Enhanced Cordless Telecommunications (DECT) standard, 
the Shared Wireless Access Protocol (SWAP) standard, the Japanese 3rd Generation (3G) 
wireless standard, and the Multhnedia Mobile Access Communication (MMAC) Systems 
standard of the Japanese Association of Radio Industries and Businesses. 

10 Thus, there is a need for a method, system, and computer program product for 

integrating digital rights management into a mobile computing environment. The mobile 
computing environment can include any wireless wide area network such as a cellular 
network or short range wireless system such as a wireless LAN or a wireless personal 
area network. The method, system, and computer program product disclosed herein 

15 would provide a light-weight and efficient DRM architecture that can promote the growth 
of electronic commerce in the mobile computing enviromnent. 
SUMMARY OF THE INVENTION 

The memory size of mobile, wireless devices is small when compared to that of 
fixed station computers and servers. To accommodate the limited memory capacity in 

20 mobile devices, the invention provides hght-weight digital vouchers to represent larger 
sized digital assets. The invention provides a method to control the access, copying 
and/or transfer of a digital asset by mobile, wheless devices using the digital vouchers. In 
this manner, only content that is currently required in a mobile device needs to be located 
there. 

25 The totality of information constituting a digital asset is its primary content, which 

contains all of the expression of its author for that particular asset. The expression may 
be in the form of text, graphics, sound, video, or other multimedia forms. Portions of the 
information in the primary content can be distilled out as a preview, such as a text 
abstract, a thumbnail view, a sound bite, a video clip, executable code fragment, or the 

30 like, which are generically referred to as secondary content. The presentation of the 
information in the primary content can be limited to a specified duration or a specific 
number of viewings. 
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The author, owner, or possessor of the digital asset can specify the terms and 
conditions for distribution of the primary content and the secondary content. The 
principal methods of distribution are by sharing access to the content, by duphcating a 
copy of the content and transferring possession of the copy, and by giving or transferring 
5 possession of the content, itself 

In accordance with the invention, distribution by sharing access to the content is 
accomplished by a digital voucher that is stored in the mobile, wireless device. The 
digital voucher authorizes the mobile, wireless device to access to a specified primary or 
secondary content that may be located elsewhere in the network. The mobile, wireless 
10 device can download a copy of portions or all of the content to be viewed, played, or 
executed, depending on the terms specified in the voucher. The principles of the 
invention apply even where the voucher and the content are located in any other nodes in 
the network. 

Further in accordance with the invention, distribution by copying the whole 
15 content is accomplished by a digital voucher that is stored in the mobile, wireless device. 
The digital voucher authorizes the mobile, wireless device to cause the duplication of the 
entire portion of a specified primary or secondary content which may be located 
elsewhere in the network. The mobile, wireless device can then download the dupUcated 
copy of the content, based on the terms specified in the voucher. The principles of the 
20 invention apply even where the voucher and the content are located in any other nodes in 
the network. 

Still further in accordance with the invention, distribution by giving or transferring 
possession of the content is accompUshed by a digital voucher that is stored in the mobile, 
wireless device. The digital voucher authorizes the mobile, wireless device to cause the 

25 transfer of possession of a specified primary or secondary content, firom a currently 
specified distributing computer to receiving terminal. The digital voucher is sent from the 
mobile, wireless device to a voucher server m the network, which transforms the identity 
of the custodian specified in the voucher from the distributing computer to the receiving 
terminal. The receiving terminal cati then download the content from the distributing 

30 terminal, based on the terms specified in the voucher. The principles of the invention 
apply even where the voucher and the content are located in any other nodes ia the 
network. 
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In one aspect of the invention, the method begins by storing the primary contQut in 
a distributing computer. To control the disposition of the content, the mobile, wireless 
device stores a primary voucher and a secondary, preview voucher. The primary voucher 
allows the user of the mobile, wireless device to control the primary content in 
5 accordance with the terms and conditions specified in the primary voucher. The primary 
voucher includes a first pointer to the primary content and a reference to the secondary 
voucher. The secondary voucher allows the user of the mobile, wireless device to control 
the secondary content in accordance with the terms and conditions specified in the 
secondary voucher. The secondary voucher includes a second pointer to the primary 

1 0 content. The secondary voucher can further include a second reference to itself, allowing 
the secondary voucher to create a duplicate of itself. 

In accordance with the invention, when the user invokes an access sharing 
operation in the mobile, wireless device, a primary voucher that contains the access 
sharing authorization, uses the first pointer therein to signal the distributing computer to 

15 allow the mobile, wireless device to access the primary content therein, based on the 
terms specified in the primary voucher. The method uses the first reference in the 
primary voucher to access the secondary voucher to use the second pointer therem to 
signal the distributing computer to allow the mobile, wireless device to access a 
secondary, preview content therein, based on the terms specified in the secondary 

20 voucher. 

Further in accordance with the invention, when the user invokes a third party 
access sharing operation in the mobile, wireless device, a primary voucher that contains 
the third party access sharing authorization, uses the first pointer therein to signal the 
distributing computer to issue a digital voucher to the third party receiving device, based 

25 on the terms specified in the primary voucher. The issued voucher authorizes the third 
party device to access the primary content or the secondary content in the distributing 
computer, based on the terms specified in the secondary voucher. 

Still further in accordance with the invention, when the user invokes a copy 
operation in the mobile, wireless device, a method controls the distribution of a copy of a 

30 primary content and a secondary, preview content. The method begins by storing a 
primary content and a secondary content in a distributing computer. To control the 
disposition of the content, the mobile, wireless device stores a primary voucher and a 
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secondary voucher. The primary voucher allows the user of the mobile, wireless device 
to render the content multiple times, but does not allow the duplication of the content. 
The primary voucher further includes a first pointer to the primary content and a second 
pointer to the secondary content, and further includes a first reference to the secondary 
5 voucher. The secondary voucher in the mobile, wireless device allows a preview of the 
content to be distributed to another user. The secondary voucher includes a third pointer 
to the prim^ content and a fourth pointer to the secondary content. The secondary 
voucher can also include a second reference to itself, allowing the secondary voucher to 
create a duplicate of itself. 

10 In accordance with the invention. Hie user invokes a copy operation in the mobile, 

wireless device, to access the primary voucher and use the first pointer therein to signal 
the distributing computer to duplicate the primary content as a primary content copy and 
to transmit it to a receiving terminal. The method uses the first reference in the primary 
voucher to access the secondary voucher to use the third pointer therein to signal the 

15 distributing computer to duplicate the secondary content as a secondary content copy and 
to duplicate the secondary voucher as a duplicate voucher and to transmit them to the 
receiving terminal. Since the primary voucher does not allow the duplication of the 
content, the invocation step causes the primary voucher to be reset to a no-rights state in 
the mobile, wireless device. In this manner, the copy operation results in the primary 

20 content copy, the secondary content copy, and the duplicate voucher being resident in the 
receiving terminal. The duplicate voucher includes pointers to the primary content copy, 
the secondary content copy, and a reference to itself, to allowing the duplicate voucher to 
create a duplicate of itself. 

In another aspect of the invention, a method controls the giving of a preview copy 

25 of a digital asset to another in a mobile environment. The method begins by storing a 
primary content in a distributing computer. To control the disposition of the content, the 
mobile, wireless device stores a primary voucher and a secondary voucher. The primary 
voucher allows the user of the mobile, wireless device to render the content multiple 
times, but does not allow the duplication of the content. The primary voucher includes a 

30 first pointer to the primary content, and further includes a first reference, in a narrow 
element, to the secondary voucher. The secondary voucher in the mobile, wireless device 
allows a preview of the content to be distributed to another user. The secondary voucher 
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includes a second pointer to the primary content. The secondary voucher further includes 
a second reference, in a narrow element, to the secondary voucher allowing the secondary 
voucher to create a duplicate of itself. 

In accordance with the invention, the user invokes a give operation in the mobile, 
5 wireless device, to send a copy of the secondary voucher to a voucher server. The 
voucher server recognizes the give operation and responds with a reference voucher that 
includes an indication of no rights to the primary content. The mobile, wireless device 
receives the reference voucher from the voucher server. The mobile, wireless device then 
sends the reference voucher to a receiving terminal. The receiving terminal then sends a 

10 request to the voucher server, requesting a new secondary voucher. The new secondary 
voucher confers the same preview rights onto the receiving terminal are available to the 
mobile, wireless device. Since the primary voucher does not allow the dupUcation of the 
content, the invocation step causes the primary voucher to be reset to a no-rights state in 
the mobile, wireless device. Still further in accordance with the invention, the receiving 

15 terminal can purchase a primary voucher from the voucher server, to obtain the same 
rights to the primary content as are possessed by the mobile, wireless device. 

In another aspect of the invention, a method controls the giving of a primary 
content digital asset to another in a mobile enviroiunent. The method begins by storing a 
primary content in a distributing computer. Since the memory of the mobile, wireless 

20 device is much smaller than that of the distributing computer, only that content that is 
currently required in the mobile, wireless device is located there. To control the 
disposition of the content, the mobile, wireless device stores a primary voucher and a 
secondary voucher. The primary voucher allows the user of the mobile, wireless device 
to render the content multiple tunes, but does not allow the duplication of the content. 

25 The primary voucher includes a first pointer to the primary content, and forther includes a 
first reference, in a narrow element, to the secondary voucher. The secondary voucher in 
the mobile, wireless device allows a preview of the content to be distributed to another 
user. The secondary voucher includes a second pointer to the primary content. The 
secondary voucher further includes a second reference, in a narrow element, to the 

30 secondary voucher allowing the secondary voucher to create a duplicate of itself. 

In accordance with the invention, the user invokes a give operation fai the mobile, 
wireless device, to send a copy of the primary voucher to a voucher server. This 



wo 03/005145 



15 



PCT/IB02/02591 



Operation resets the primary voucher to a no-rights state m the mobile, wireless device. 
The voucher server recognizes the give operation and responds with a reference voucher 
that includes an indication of no rights to the primary content. The mobile, wireless 
device receives the reference voucher firom the voucher server. The mobile, wireless 
5 device then sends the reference voucher to a receiving terminal. The receiving terminal 
then sends a request to the voucher server, requesting a new primary voucher. The new 
primary voucher confers the same full rights onto Ihe receiving terminal were previously 
available to the mobile, wireless device. 

Further in accordance with the invention, a method is disclosed for controlling the 

1 0 transfer of dormant rights to digital asset in a mobile environment The method begins by 
storing a digital asset content in a distributing computer in a network. Then, in 
accordance with the uivention, the method stores a voucher in a first device in the 
network, the voucher including a pointer to the content, use information specifying the 
type of use intended for the content, restriction information limiting usage of the content, 

15 and identity information identifying a second device in the network. The restriction and 
identity information in the voucher prevents the first device from using the content. 
However, the first device can super-distribute the content by transferring the voucher to 
the second device. There, the voucher permits the second device to use the content, in 
response to the restriction and identity information in the voucher. The voucher can also 

20 include clearing house information which requires the second device to report is use of 
the content to a clearinghouse computer in the network. The clearinghouse information 
can include a name of the clearinghouse, its public signature verification key, and a 
network address where the use of the content can be reported. 

Further in accordance with the invention, a method is disclosed for deferring 

25 payment for a digital asset in a mobile environment. The method begins by storing a 
digital asset content in a distributing computer in a network. Then, in accordance with 
the invention, the method registers a buyer device in the network, with a clearinghouse 
computer in the network. The clearinghouse sends to the buyer device a certificate 
including a signing key for the buyer device and a charge authorization ticket that is valid 

30 for a specified total purchase amount. The buyer device then sends to a seller device in 
the network, a copy of the certificate and an offer indication to pay a price to the seller 
device for the content. The seller device verifies the validity of the certificate as the offer 
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of payment by tlie buyer device. The seller device then sends to the buyer device a 
voucher including a pointer to the content, use information specifying the type of use 
intended for the content, and restriction infonnation limiting usage of the content. The 
restriction and use infonnation in the voucher allows the buyer device to use the content. 
5 The seller device then sends to the clearinghouse, the offer indication by the buyer device, 
to obtain compensation for the price of the content. In one embodiment, the 
clearinghouse sends a bill to the buyer device to collect the price. In another 
embodiment, the clearinghouse deducts the price firom a prepaid amount previously paid 
by the buyer device. In still another embodiment, the clearinghouse adds the price to a 

10 debt amount to be paid by the buyer device. In yet another embodiment, the 
clearinghouse provides a bonus to the seller device as the compensation. 

Further in accordance with tlie invention, a method is disclosed for controlling the 
transfer of dormant rights to digital asset in a mobile environment. The method begins by 
storing a digital asset content in a distributing computer in a network. Then, in 

15 accordance with the invention, the method stores a voucher in a first device in the 
network, the voucher including a pointer to the content, use information specifying the 
type of use intended for the content, restriction information limiting usage of the content, 
identity information identifying a second device in the network, and clearing house 
information specifying a first clearinghouse. The first device is registered with second, 

20 different clearinghouse. The clearinghouse information in the voucher prevents the first 
device firom using the content, because the second clearinghouse does not match with the 
specification of the first clearing house m the voucher. However, the first device can 
super-distribute the content by transferring the voucher to the second device. There, the 
voucher permits the second device to use the content, in response to the clearing house 

25 information, because the first clearinghouse matches with the specification of the first 
clearing house in the voucher. The clearing house information in the voucher can 
requiring the second device to report is use of the content to the first clearinghouse 
computer in the network. 

Further in accoi*dance with the invention, a method is disclosed for conducting 

30 transactions up to a limit, for traasferring rights to a digital asset in a mobile environment. 
The method begins by storing a digital asset content in a distributing computer in a 
network. Then, in accordance with the invention, the method stores a content of a digital 
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asset in a distributing computer in a network. Then the method registers a seller device in 
the network, with a clearinghouse computer in the network. The clearinghouse then 
sends the seller device a seller's voucher from, including a pointer to the content, use 
information specifying the type of use intended for the content, restriction information 
5 limiting usage of the content; and transaction information allowing transactions up to a 
limit, for transferring rights to the content. Thereafter, a buyer device in the network is 
registered with the clearinghouse computer. The clearinghouse then sends the buyer 
device a certificate including a signing key for the buyer device and a charge 
authorization ticket that is valid for a specified total purchase amoimt. Thereafter, the 

10 buyer device sends to the seller device, a copy of the certificate and an offer indication to 
pay a price to the seller device for the content. The seller device verifies the validity of 
the certificate as the offer of payment by the buyer device. After the verification, the 
seller sends the buyer device a buyer's voucher including a pointer to the content, use 
information specifying the type of use intended for the content, and restriction 

15 information limiting usage of the content. The restriction and use information in the 
buyer's voucher allows the buyer device to use the content, in response to. The seller 
device then sends to the clearinghouse, the offer indication by the buyer device, to obtain 
compensation to the seller device for the price of the content. The transaction 
information of the seller's voucher prohibits the seller device from conducting further 

20 transactions beyond the limit. 

Further in accordance with the invention, a method is disclosed for transferring 
rights to a digital asset that includes preview copies that convey with the asset in a mobile 
environment. The method begins by storing a primary content and a secondary content of 
a digital asset in a distributing computer in a network. Then the method registers a seller 

25 device in the network, with a clearinghouse computer in the network. The clearinghouse 
then sends the seller device a seller's primary voucher, including a pointer to the primary 
content, use information specifying the type of use intended for the primary content, 
restriction information limiting usage of the primary content; transaction information 
allowing transactions up to a primary limit, for transferring rights to the primary content, 

30 and a reference to a seller's secondary voucher. In addition, flie clearinghouse then sends 
the seller device the seller's secondary voucher from the clearinghouse, the secondary 
voucher including a pointer to the secondary content, use information specifying the type 
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of use intended for the secondary content, restriction information allowing a preview 
copy of the content to be distributed to another user; and transaction information allowing 
transactions up to a secondary limit, for transferring a preview copy. Thereafter, a buyer 
device in the network is registered with the clearinghouse computer. The clearinghouse 
5 then sends the buyer device a certificate including a signing key for the buyer device and 
a charge authorization ticket that is valid for a specified total purchase amount. 
Thereafter, the buyer device sends to the seller device, a copy of the certificate and an 
offer indication to pay a price to the seller device for the content. The seller device 
verifies the validity of the certificate as the offer of payment by the buyer device. After 

10 the verification, the seller sends the buyer device, a buyer's primary voucher including a 
pointer to the primary content, use information specifying the type of use intended for the 
primary content, restriction infonnation limiting usage of the primary content, and a 
reference to a buyer's secondary voucher. In addition, the seller sends the buyer device 
the buyer's secondary voucher from the clearinghouse, the buyer's secondary voucher 

15 including a pointer to the secondary content, use information specifying the type of use 
intended for the secondary content, restriction information allowing a preview copy of the 
content to be distributed to another user; and transaction information allowing 
transactions up to a secondary limit, for transferring a preview copy. The restriction and 
use information in the buyer's primary and secondary vouchers allow the buyer device to 

20 use the content. The seller device then sends to the clearinghouse, the offer indication by 
the buyer device, to obtain compensation to tlie seller device for the price of the content. 
The transaction information of the seller's vouchers enables the buyer device to distribute 
preview copies of the content up to the secondary limit. 

Further in accordance with the invention, a method is disclosed to control the 

25 downloading of digital asset content from a server to protect against resource exhaustion 
in a mobile environment. The method begins by storing a digital asset content in a 
distributing computer in a network. Then, in accordance with the invention, the method 
stores a voucher in a device in the network, the voucher including a pointer to the content, 
use information specifying the type of use intended for the content, restriction 

30 information limiting usage of the content, and protection information specifying an ID for 
the content and an encryption key for the content. The method continues by forming a 
download token in the device, using the ID for the content and the encryption key for the 
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content. Then the method sends the download token from the device to the distributing 
computer with a request to download the content after validating the download token. 
Then the device receives the content at the device, in response to the validation of the 
download token at the distributing computer. As a result, only authorized devices in the 
5 network can successfully download the content. The download token can further include 
a digital signature of the device and a certificate issued by a certifying authority that 
certifies the authenticity of the digital signature of the device. Still further, a payment 
authorization can accompany the download token sent to the distributing computer. 

In anotiier aspect of the invention, a system is disclosed to enable a wireless 

10 device in a mobile communication environment, to obtain a right to give to another 
device, protected content of a digital asset stored in any one of a plurality of content 
servers. The system includes a plurality of content servers in a network, each storing a 
content of a digital asset. The system further includes a voucher server in the network, 
for registering the digital content in the plurality of content servers. In addition, the 

15 system includes a DRM agent or payment server in the network, for obtaining 
information about the content from the voucher server. The operation of the system 
begins with a wireless device in a mobile communication environment, sending to the 
DRM agent a request for a right to give to a terminal device, content of a digital asset. 
The DRM agent responds by sending an offer of consideration to the wireless device, 

20 including consideration information obtained from the voucher server. The user of the 
wireless device then sends an acceptance of the consideration to the DRM agent. The 
DRM agent then obtains a give voucher for the content from the voucher server and 
forwards it to the wireless device. In accordance with the invention, the give voucher has 
metadata including a pluraUty of pointers to the content in any one of the plurality of 

25 content servers, use information specifying the type of use intended for the content, 
restriction information limiting usage of the content, and transaction information about 
the right to give the content, an identity for the wireless device, and an identity for the 
terminal device. The wireless device then sends the give voucher to the terminal device 
to enable the terminal device to select one of the plurality of content servers and access 

30 the content from a selected content server, in response to the metadata. 

Still further in accordance with the invention, the terminal device sends the give 
voucher to the DRM agent to exchange it for a second, normal voucher. The second 



wo 03/005145 



20 



PCT/IB02/02591 



voucher has metadata including a pluraUty of pointers to the content in any one of the 
pluraUty of content servers, use information specifying the type of use intended for the 
content, restriction information limiting usage of the content, and the identity for tlie 
terminal device. The terminal device is now able to select one of the pluraUty of content 
5 servers, and access the content from a selected content server, in response to the 
metadata. 

In an altemate embodiment of the invention, the terminal device sends the give 
voucher to a second DRM agent in the network, different from the first DRM agent. The 
second DRM agent transforms the give voucher into the second voucher. The terminal 

10 device is now able to select one of the plurality of content servers and access the content 
from a selected content server, in response to the metadata. 

In another aspect of the invention, a method is disclosed to enable a wireless 
device to decrypt the protected content with a content key. An author or pubUsher will 
originally submit the content to the voucher server in the network, to register the content 

15 in the plurality of content servers. The voucher server encrypts the content with a content 
key and either retains the key or appends the protected key to the encrypted content 
before storing it in the content servers. Several techniques are disclosed to protect the 
content and the content key. In one embodiment, the wireless device is enabled to 
recover the content key to decrypt the encrypted content. At the time that the wireless 

20 device requests the content, it provides its unique device ID and/or user ID. The voucher 
server joins the content key with the unique device ID to form a key token that is either 
appended to the content or is included in the voucher. The wireless device is able to 
recover the content key from the key token by matching its device ID and/or user ID with 
that in the key token. By using combinations of such unique IDs, the danger of loosing 

25 one of the IDs and thus failing to recover the key, is minimized. A randomized version of 
the user ID can be used to provide privacy, if desired. 

In one embodiment, the content key is joined with a reference device ID by 
performing an exclusive OR operation between the content key and the reference device 
ID, forming a first key token. A similar operation is performed on a reference user ID to 

30 form a second key token. These key tokens can either be appended to the content or 
included in the voucher. When the wireless device gains possession of the voucher it will 
have any of the key tokens included therein. Using the metadata in the voucher, the 
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wireless device gains possession of the encrypted content and will have any of the 
remaining key tokens included therein. Then, the wireless device can recover the content 
key either if the device ID matches the reference device ID in the first key token or if the 
user ID matches the reference user ID in the second key token. Then, the wireless device 
5 can decrypt the encrypted content with the recovered content key. 

Further in accordance with the invention, the content also has a media ID. The 
voucher server can form the voucher's transaction information to include a third key 
token containing the content key joined with a reference media ID for the content. In one 
embodiment, the content key is joined witli the reference media ID by performing an 

10 exclusive OR operation between the content key and the reference media ID, forming the 
third key token. When the wireless device receives the voucher, the metadata enables the 
wireless device to access one of the plurality of content servers, to obtain the encrypted 
content. Then, the wireless device can recover the content key if the media ID of the 
encrypted content matches the reference media ID in the third key token. The recovery of 

15 the content key is by performing an exclusive OR operation between the media ID and 
the third key token. The recovered content key can then be used by the wireless device to 
decrypt the encrypted content. 

In another embodiment of the invention, the wireless device can use its private 
key from a public key / private key pair, to recover the content key. At the time that the 

20 wireless device requests the content, it provides its public key. The voucher server 
encrypts the content key with the wireless device's public key to form a key token that is 
either appended to the content or is included in the voucher. The wireless device is able 
to recover the content key from the key token by decrypting the key token with its private 
key. The recovered content key can then be used by the wireless device to decrypt the 

25 encrypted content. 

In another embodiment of the invention, the wireless device can use its shared 
symmetric key, to recover the content key. At the time that the wireless device requests 
the content, the voucher server encrypts the content key with the shared symmetric key to 
form a key token that is either appended to the content or is included in the voucher. The 

30 wireless device is able to recover the content key from the key token by decrypting the 
key token with the shared symmetric key. The recovered content key can then be used by 
the wireless device to decrypt the encrypted content. 
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In another embodiment of the invention, the encrypted content can be transferred 
on a tangible medium such as a CD ROM or a floppy disk. The tangible medium has a 
media ID. The voucher server can form the voucher's transaction information to hiclude 
a key token containing the content key joined with a reference media ID for the content. 
5 In one embodiment, the content key is joined with the reference media ID by performing 
an exclusive OR operation between the content key and the reference media ID, forming 
the key token. When the wireless device receives the voucher, it can recover the content 
key if the media ED of the encrypted content matches the reference media ID in the key 
token. The recovery of the content key is by performing an exclusive OR operation 

10 between the media ID and the key token. The recovered content key can then be used by 
the wireless device to decrypt the encrypted content. 

The invention is applicable to virtually all digital communications networks, 
including wide area networks (WANs), metropolitan area networks (MANs), local area 
networks (LANs), and personal area networks (PANs). The invention is applicable to 

15 fixed station wireline networks, mobile wireless networks, and hybrid combinations of 
fixed station wireline networks communicating through wireless access points with 
mobile wireless networks. In particular, the invention is applicable to any mobile 
computing environment, including any wireless wide area network such as a cellular 
telephone network or any short range wireless system such as a wireless local area 

20 network or a wireless personal area network. Examples of wireless, wide area network 
architectures to which the invention appUes include Global System for Mobile 
Commimication (GSM), IS- 136 TDMA-based Digital Advanced Mobile Phone Service 
(DAMPS), Personal Digital Cellular (PDC), IS-95 CDMA-based cdmaOne System, 
General Packet Radio Service (GPRS) and broadband wireless systems such as W- 

25 CDMA, and Broadband GPRS. Examples of short-range wireless systems to which the 
invention applies include the Bluetooth Standard, the IEEE 802.11 Wireless LAN 
Standard the HIPERLAN Standard, the IEEE 802.15 Wireless Personal Area Network 
(WPAN) standard, the Infrared Data Association (IrDA) standard, the Digital Enhanced 
Cordless Telecommunications (DECT) standard, the Shared Wireless Access Protocol 

30 (SWAP) standard, the Japanese 3rd Generation (3G) wireless standard, and the 
Multimedia Mobile Access Communication (MMAC) Systems standard of the Japanese 
Association of Radio Industries and Businesses. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The accompanying figures best illustrate the details of the method, system, and 
apparatus for controlling the distribution of a digital asset in a mobile communication 
environment, both as to its structure and operation. Like reference numbers and 
5 designations in these figures refer to Uke elements. 

Figure 1 is a network diagram that depicts the delivery of a Mobile Rights 
Voucher content package to a receiving terminal from either a distributing terminal or a 
network service. 

Figure 2 is a network diagram that expands the system shown in Figure 1 by 
1 0 illustrating an exemplary communication between the receiving terminal and the network 
service. 

Figure 3A is an abstract representation of an embodiment of a Mobile Rights 
Voucher. 

Figure 3B is an illustration of an XML embodiment of the Mobile Rights Voucher 
1 5 shown in Figure 3 A. 

Figures 4A through 4V illustrate the DTD declarations for the XML embodiment 
of the Mobile Rights Voucher shown in Figure 3 A. 

Figures 5A through 5D illustrate, respectively, an exemplary DTD for subset A, 
subset B, subset C, and a baseline DTD for the XML embodiment of the Mobile Rights 
20 Voucher shown in Figure 3 A. 

Figure 6 is a functional block diagram that illustrates tiie interaction of a 
distribution terminal and a receiving terminal in the distribution of a primary and a 
secondary content in the Mobile Rights Voucher copy intent process. 

Figure 7 is a functional block diagram that illustrates the interaction of a 
25 distribution terminal and a receiving terminal in the non-personalized Mobile Rights 
Voucher copy intent process for sending a preview copy of protected digital content. 

Figure 8 is a functional block diagram that illustrates the interaction of a 
distribution terminal, a receiving terminal, and a voucher server in the personaUzed 
Mobile Rights Voucher give intent process for sending a preview copy of protected 

30 digital content. 

Figure 9 is a functional block diagram that depicts a network environment for 
distributing a Mobile Rights Voucher by illustrating a use case scenario in which a 
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sending terminal accesses a content service and a voucher service via a cellular network 
to purchase two screen savers. 

Figure 10 is a network process diagram illustrating the basic controlled download 
protocol between a receiving DRM device, the receiver protocol engine, the sender 
5 protocol engine, and the sending DRM device. 

Figure 11 is a functional block diagram illustrating the interaction of a mobile 
device, a rights gateway, a retail content service, and a clearinghouse in the process of the 
mobile device purchasing rights from the retail content service. 

Figure 12 is a functional block diagram illustrating the interaction of the 
1 0 architectural elements of the Mobile DRM system. 

Figure 13 is a functional block diagram that expands upon the architecture shown 
in Figure 12 to illustrate the interaction of a more complex Mobile DRM system to 
illustrate the relationships between the participating entities. 

Figure 14 is a functional block diagram that expands upon the architecture shown 
15 in Figure 12 to illustrate the interaction of a more complex Mobile DRM system to 
illustrate the relationships between the participating entities. 

Figure 15 is a flow diagram that demonstrates the message flows among the 
elements shown in Figure 12. 

DETAILED DESCRIPTION OF THE INVENTION 
20 Mobile Rights Voucher 

The Mobile Rights Voucher disclosed herein manages the hfecycle of a piece of 
content and the associated property rights held by the creator or agent of the digital 
content. In addition, the Mobile Rights Voucher can facilitate flexible payment for 
content and can deliver the content separate from the voucher. The Mobile Rights 

25 Voucher is a message that can be sent by electronic mail, a Multimedia Messaging 
Service (MMS), or a Short Messaging Service (SMS). Alternatively, the Mobile Rights 
Voucher can be downloaded using a Wireless Application Protocol (WAP) or a Hypertext 
Transfer Protocol (HTTP). 

Smart Content Object is a content encapsulation architecture that includes smart 

30 routing capabilities for content and can be useful for application routing. The Mobile 
Rights Voucher can use the Smart Content Object for expressing rights information. The 
Smart Content Object and Mobile Rights Voucher are both implemented on memory- 
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limited devices such as a mobile phone or a personal digital assistant. The Mobile Rights 
Voucher is not bomid in any way to the Smart Content Object and can be used in other 
transport architectures such as MMS and Hypertext Transfer Protocol/Multipurpose 
Internet Mail Extensions (HTTP/MIME). 
5 The Mobile Rights Voucher is a "hght-weight" DRM that can benefit a mobile 

environment. Additionally, the Mobile Rights Voucher can express usage rights for "low 
value" content such as cellular telephone ringing tones, operator logos, and additional 
levels for cellular telephone games. 

In one embodiment, the Mobile Rights Voucher is sent over the air and can allow 

10 devices that implement this specification to interoperate. Due to constraints of 
implementation and industry-wide adoption, this specification does not attempt to deliver 
on all of the promise of DRM in a single step. Thus, the Mobile Rights Voucher fiiU 
baseline specification is split three subsets. Subset A of the baseline specification 
supports no rights for a piece of content. Subset A relies upon another entity such as a 

1 5 service provider who suppUes the mobile device to implement the Mobile Rights Voucher 
as a "stub" and take care of the implementation of specific DRM tasks. Subset B of the 
baseline specification supports the preview of digital content and allows for the 
specification of transaction and administrative information. Subset C of the baseline 
specification supports many intents and constraints with full distribution capabiUties. 

20 Subsets B and C provide increased functional DRM capabilities for a mobile device such 
as a cellular telephone. The full baseline specification will provide a completely 
functional light-weight DRM architecture. 

CompatibiUty with a pubhcly specified voucher system such as ODRL or XrML 
can improve the integration of the Mobile Rights Voucher with existing systems. 

25 Unfortunately, XrML is disqualified due of unclear licensing terms. Thus, the Mobile 
Rights Voucher is based upon a non-valid version of ODRL and is extended slightly in 
appropriate places to allow for the envisioned use cases. 

Figure 1 is a network diagram that depicts the delivery of content package 135 
from either distributing terminal 100 or retail content service 110 to receiving terminal 

30 140. Distributing terminal 100 is coupled to either personal area network 120 or cellular 
network 130. Personal area network 120 is a short-range network that implements an 
architecture specification such as Infiared data association (IrDA), Bluetooth, or object 
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exchange architecture. Cellular network 130 is a communication network such as an 
analog signal, global system for mobile (GSM) communications, general packet radio 
service (GPRS), time-division multiple access (TDMA), or code-division multiple access 
(CDMA). In addition, cellular network 130 can accommodate Enhanced Data Rates for 
5 GSM Evolution (EDGE), an evolution of GSM and TDMA systems that increases 
network capacity and data rates up to 473 K-bits per second to enable Mobile Multimedia 
services, and Digital Video Broadcasting (DVB) technology. The delivery of content 
package 135 can use a single technology to receive the rights and the content or can mix 
technologies. A user may choose to receive the rights and the content using Bluetooth on 

10 personal area network 120 or, instead, receive the rights using Bluetooth on personal area 
network 120 and receive the content using DVB on cellular network 130. hi one 
embodiment, distributing terminal 100, retail content service 110, and receiving terminal 
140 are Bluetooth devices that use a radio frequency signal that includes data adhering to 
the Bluetooth protocol and specification to communicate data among the devices. 

15 However, the architecture disclosed herein and shown in Figure 1 will apply to any 
appropriate wireless environment. 

The first content delivery scenario shown in Figure 1 involves personal area 
network 120 coupling distributing terminal 100 and receiving terminal 140. A user (not 
shown) coupled to distributing terminal 100 selects to transmit content package 135 to 

20 receiving terminal 140 using personal area network 120. Content package 135 includes 
content object 136 and voucher object 137. 

The second content delivery scenario shown in Figure 1 involves cellular network 
130 coupling distributing terminal 100 and receiving terminal 140. A user (not shown) 
coupled to distributing terminal 100 selects to transmit content package 135 to receiving 

25 terminal 140 using cellular network 130, Content package 135 is the same as in the first 
delivery scenario and includes content object 136 and voucher object 137. 

The third content delivery scenario shown in Figure 1 involves personal area 
network 120 coupling retail content service 110 and receiving terminal 140. An owner 
(not shown) coupled to retail content service 110 selects to transmit content package 135 

30 to receiving terminal 140 using personal area network 120. Content package 135 is the 
same as in the first delivery scenario and includes content object 136 and voucher object 
137. 
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The fourth content delivery scenario shown in Figure 1 involves cellular network 
130 coupling retail content service 110 and receiving terminal 140. An owner (not 
shown) coupled to retail content service 110 selects to transmit content package 135 to 
receiving terminal 140 using cellular network 130. Content package 135 is the same as in 
5 the first delivery scenario and includes content object 136 and voucher object 137. 

Figure 2 is a network diagram that expands the system shown in Figure 1 by 
illustrating the communication between retail content service 110 and receiving terminal 
140. A user (not shown) is coupled to receiving terminal 140. Receiving device 140 
communicates with retail content service 110 that iacludes content catalog 210, payment 

10 system 220, voucher system 230, and content hosting 240. 

When the user carries receiving terminal 140 into the commimication range of 
retail content service 110, the user can browse the content of retail content service 110 by 
sending catalog request 211 to content catalog 210 and receiving catalog response 212 
from content catalog 210. In one embodiment, the format of catalog request 211 and 

15 catalog response 212 complies with either wireless access protocol (WAP) or hypertext 
transfer protocol (HTTP). 

If the user decides to purchase content from retail content service 110, the user 
sends payment request 221 to payment system 220 and receives payment response 222 
from payment system 220. The payment mechanism includes subscription-based, micro, 

20 and pre-paid payment systems. The payment is reahzed by sending an SMS message to a 
predetermined number maintained by an operator. The receipt of the message generates a 
charge to the bill the user gets from the service operator and the user can pay the fee using 
a typical telephone bill payment method. In one embodiment, the format of payment 
request 221 and payment response 222 complies with either WAP or HTTP. 

25 The user receives either a Mobile Rights Voucher or a reference to the Mobile 

Rights Voucher from retail content service 110 as part of payment response 222. If the 
user receives the reference to the Mobile Rights Voucher, receiving terminal 140 retrieves 
the Mobile Rights Voucher by sending voucher request 231 to voucher system 230 and 
receiving voucher response 232 from voucher system 230. In one embodiment, the 

30 format of voucher request 231 and voucher response 232 complies with either a short 
messaging system (SMS), a multimedia messaging system (MMS), or an object download 
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architecture. In addition, the Mobile Rights Voucher can contain a pictorial cover of a 
multimedia message related to the content that the user wants to retrieve. 

The user either receives the content bundled with the Mobile Rights Voucher or 
downloads the content as an additional step. The user can download the content from 
5 retail content service 110 by sending content request 241 to content hosting 240 and 
receiving content response 242 from content hosting 240. In one embodiment, the format 
of content request 241 and content response 242 complies with either an SMS, an MMS, 
or an obj ect download architecture. 

There are many ways to model and implement a digital rights management 

10 (DRM) system to control the lifecycle of a piece of digital content. The voucher-based 
model of the system disclosed herein is flexible and provides a migration path to a more 
sophisticated system for managing digital commerce applications and private information. 
One embodiment of the system disclosed herein captures the usage rules, rights, and 
business rules in a Mobile Rights Voucher and stores the digital content (i.e., asset) and 

15 Mobile Rights Voucher as distinct objects in a content package. Since the content and the 
Mobile Rights Voucher are distinct objects, the consuming device can receive each piece 
separately. 

Figure 3 A illustrates an abstract representation of a Mobile Rights Voucher based 
on the ODRL specification. A voucher is a representation of the usage rights for an item 
20 of digital content. The voucher identifies an asset, lists the usage and associated 
constraints for the asset, includes meta-information to identify a voucher service, the 
asset, and a payment transaction method, and provides a mechanism to unlock the asset if 
protection is used. 

As shown in Figure 3A, Nokia Rights Voucher 300 is a Mobile Rights Voucher 
25 that includes meta-information 310 and usage information 320. Meta-information 310 
further comprises version segment 312, administrative segment 314, and transaction 
segment 316. Usage information 320 further comprises a list of asset 322 and protection 
324 pairs, intent rules 330, and default constraints 340. Intent rules 330 include print 
directive 331, play directive 332, execute directive 333, display directive 334, give 
30 directive 335, and copy directive 336. 

Nokia Rights Voucher 300 is a representation of the usage rights for a piece of 
digital content. The purpose of Nokia Rights Voucher 300 is to identify the assets that 
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require protection, define possible usage constraints for each asset, define meta- 
information for the voucher service, the assets, and the transaction^^ and provide a 
mechanism to unlock the content if protection is used. A device that processes a voucher 
and it's content are inherently trusted to respect the rights and usage constraints for the 
5 voucher and to disallow access to the content if the rights or usage constraints are 
ignored. 

Figure 3B is an embodiment of Nokia Rights Voucher 300, the abstract Mobile 
Rights Voucher shown in Figure 3A, which adheres to the XML specification. Line 1 
defines the version and encoding scheme for the XML shown in Figure 3B. Line 2 

10 specifies the location of the document type definition (DTD) file that defines the 
interpretation of the XML markup tags shown in Figure 3B. Lines 3 through 41 define 
the entire structure of Nokia Rights Voucher 300. Lines 4 through 8 define the entire 
structure of meta-information 310 and lines 9 through 40 define the entire structure of 
usage information 320. Line 4 illustrates version segment 312 of meta-information 310 

15 as an XML tag that specifies Nokia Rights Voucher 300 version 1.0.3. Lines 5 tln'ough 7 
illustrate administrative segment 314 of meta-information 310 as an XML tag that 
specifies the user identification (UID) as the URL "http://www.media- 
sampo.com/ScreenSaverService". Line 8 illustrates transaction segment 316 of meta- 
information 310 as an XML tag that specifies the transaction identifier (TID) 

20 "3457345987-6789-9". Lines 10 through 23 illustrate a hst that includes two pairs of 
asset 322 and protection 324 for usage information 320, respectively, lines 10 through 16 
and lines 17 through 23. Each pair specifies a UID for the asset and the protection 
associated with the UID. Lines 24 through 32 illustrate intent rules 330 of usage 
information 320. Line 24 illustrates display directive 334 of intent rules 330 that 

25 specifies that the recipient of Nokia Rights Voucher 300 has the right to display the 
content. Lines 25 through 32 illustrate the copy directive 336 of intent rules 330 that 
specifies tiiat the recipient of Nokia Rights Voucher 300 has tiie right to copy 
"previewvoucher.343453344@digitalshop.com" until August 30, 2001. Lines 33 through 
36 illustrate default constraints 340 of usage information 320. Default constraints 340 

30 specifies the individual UID "IMEI; 123456789123459" as the constraint. Lines 38 
through 40 illustrate the integrity protection constraints for Nokia Rights Voucher 300. 
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The XML embodiment of Nokia Riglits Voucher 300 requires a document type 
definitions (DTD) file, such as the file "C:\MRV1.0-subsetC.dtd" specified on fine 2 in 
Figure 3B, to specify the allowable order, structure, and attributes of XML markup tags 
for Nokia Rights Voucher 300. Figures 4A through 4V specify the DTD declarations and 
5 attributes for each element of the XML embodiment of the Mobile Rights Voucher shown 
in Figure 3B. In addition, Figures 4 A tihrough 4V describe a purpose and a description 
for each element, as well as an example that uses the element in a DTD file, and an 
interoperability description that maps the XML embodiment of Nokia Rights Voucher 
300 to a pure ODRL specification. 

10 A Mobile Rights Voucher includes a unique identifier that does not change for 

any instance of the voucher. The Mobile Rights Voucher is a universal resource identifier 
(URI) such as a uniform resoiirce locator (URL) and shordd include an absolute address 
path. In addition, the Mobile Rights Voucher should support at least the hypertext 
transfer protocol (HTTP), the international mobile equipment identity (IMEI) standard, 

15 the international subscriber identity (IMSI) standard, and the URL content identifier 
(CID) and message identifier (MID) schemes. 

A Mobile Rights Voucher that results firom a copy request by a user (i.e., using the 
"copy" intent rule associated with the voucher) will receive a new unique identifier. In 
addition, any self-referential links in the duphcated voucher (i.e., links defined in a 

20 ^'narrow" DTD element) will receive a new unique identifier. 

The XML embodiment of the Mobile Rights Voucher supports a phased release of 
a digital rights management (DRM) system for a mobile enviromnent. Thus, the fiill 
baseline Mobile Rights Voucher based on XML will result firom a three-phased release of 
the Mobile Rights Voucher DTD specification. 

25 Subset A of the Mobile Rights Voucher DTD specification is capable of 

expressing "no-rights" for a specific piece of digital content, that is, the user cannot use 
the digital content on the device. Subset A is intended for use with Smart Content Object 
and DRM packaging formats to express that the enclosed digital content is delivered 
without any rights and that a Mobile Rights Voucher is needed to access the content. The 

30 capabilities for Mobile Rights Voucher Subset A include: 

Download control Not Available 

Peer-to-peer control Not Available 
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Usage controls Not Available 

Encapsulation ..MIME multi-part/Smart Content Object 

Application routing MIME multi-part/Smart Content Object 

Transport Browsing (e.g., HTTP, WAP). 

5 Voucher technology Mobile Rights Voucher, Release 1, Subset A (ODRL- 

based) 

Protection Not Available 

IMPACT None 

Subset B of the Mobile Rights Voucher DTD specification supports flie first phase of the 
10 Light DRM implementation. The capabilities for Mobile Rights Vouchear Subset B 
include: 

Download control Voucher server authorizing content download 

Peer-to-peer control Simple distribution 

Usage controls Preview (count and time) 

1 5 Encapsulation MIME multi-part/Smart Content Obj ect 

Application routing MIME multi-part/Smart Content Object 

Transport Browsing (HTTP, WAP). Voucher and content can be 

transported independently. 

Voucher technology Mobile Rights Voucher, Release 1, Subset A (ODRL- 

20 based) 

Protection Not Available 

IMPACT IVlininial impact on phone client. Legacy phones will be 

able to use content download. Need for voucher server 
(and related payment). Prepares for Phase Two service 
25 model. 

Subset C of the Mobile Rights Voucher DTD specification supports the second phase of 
the Light DRM implementation. The capabilities for Mobile Rights Voucher Subset B 
include: 

Download control Voucher server authorizing content usage 

30 Peer-to-Peer Control Super distribution (person-to-person) possible 

Usage Controls Preview, Play, (not Give), Copy, Display, Print, and 

Execute 
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Encapsulation 

Application Routing 
Transport 



MIME multi-part/Smart Content Object 
MIME multi-part/Smart Content Object 



5 



Browsing (HTTP, WAP), MMS, and OBEX. Voucher 
and content can be transported independent of Smart 
Content Object. 



Voucher Technology 



Mobile Rights Voucher Release 1 (ODRL-based) 



10 



Protection 



IMPACT 



Content and voucher encryption and integrity protection 
Medium impact on phone design (framework for usage 
rights and content storage). Opens up new super 
distribution-based business models. 



Backward compatibility is supported in every phase of the Mobile Rights Voucher 
DTD specification development. Thus, a voucher conforming to Mobile Rights Voucher 
subset A will be fully understood on a terminal that implements Mobile Rights Voucher 
subset A, B, or C. Similarly, a voucher conforming to Mobile Rights Voucher subset B 
15 will be fully understood in a terminal that implements Mobile Rights Voucher subset B or 



Forward compatibility, on the other hand, is not guaranteed because some new 
elements may not be understood. Tliis is a potentially dangerous situation regarding the 
protection of the expressed rights. If a device receives a piece of content that contains a 

20 constraint type (e.g., count, datetime, or individual elements) that the DTD cannot 
interpret, the entire constrain element is deemed to have failed. This ensures that no 
rights are lost. Thus, a voucher that conforms to Mobile Rights Voucher subset C cannot 
be guaranteed to be imderstood on a terminal that implements Mobile Rights Voucher 
subset B. The voucher may be used, however, if all constrain type in relevant constrain 

25 elements are understood by the subset B conforming device. 

Figure 5A illustrates an exemplary DTD for subset A of the Mobile Rights 
Voucher. The DTD defines the minimum and optional requirements for representing a 
container for multimedia digital assets that can expresses "iio-right" or "full-right" for 
each asset. The quality "no-right" means that the associated asset is not to be used on the 

30 device at all, whereas the quality "full-right" means that the associated asset can be used 
on any device. Line 1 defines the version and encoding scheme for the DTD shown in 
Figure 5A. Lines 2 through 5 are a comment. The DTD requires the presence of the 



C. 
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"rights" element on lines 6 through 9 because the ''rights" element is the root element for 
the Mobile Rights Voucher object. The "rights" includes zero or one "admin" elements 
and exactly one "usage" element. The DTD also i*equires the presence of the "admin" 
element on line 10 because the "admin" element describes the entity for identifying 
5 resource of vouchers. The "admin" element includes exactly one "uid" element. The 
DTD requires the presence of the "usage" element on line 11 because the "tisage" element 
defines the usage rights for an asset. The "usage" element includes exactly one "asset" 
element. The "no-rights" usage is assigned to restrict access to the asset and the "full- 
rights" usage is assigned to use the asset. The absence of an asset declaration means that 

10 the voucher is associated with the enclosing content package. The DTD requires the 
presence of the "asset" element on line 12 because the "asset" element creates a reference 
to each asset associated with this voucher. The "assef element includes zero or one 
"uid" element. The DTD requires the presence of the "uid" element on line 13 because 
the "uid" element represents a URI string. The "uid" element includes parsed character 

15 data. 

Figure SB illustrates an exemplary DTD for subset B of the Mobile Rights 
Voucher. The DTD is intended to deliver a small and concise rights expression voucher 
by supporting content preview by count for multiple content types (i.e., multiple intents) 
and transaction and administrative (i.e., retail server URL) infomiation. Line 1 defines 

20 the version and encoding scheme for the DTD shown in Figure SB. Lines 2 through 5 are 
a comment. The DTD reqxiires the presence of the "rights" element on lines 6 through 9 
because tire "rights" element is the root element for the Mobile Rights Voucher object. 
The "rights" element includes zero or one "version" element, zero or one "admin" 
element, zero or one "transaction" element, and one or more "usage" elements. The 

25 "version" element on line 10 is an optional requirement that is set to the version number 
for the DTD (e.g., "1.0). The "version" element includes parsed character data. The 
DTD requires the presence of the "admin" element on line 1 1 because the "admin" 
element describes the entity for identifying resoirrce of vouchers. The "admin" element 
includes exactly one "uid" element. The DTD requires the presence of tibie ^'uid" element 

30 on line 12 because the "uid" element represents a URI string. The "uid" element includes 
parsed character data. The DTD requires the presence of the "transaction" element on 
line 13 because the "transaction" element specifies payment-related information in a 
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format that is defined by the type of payment chosen. The "transaction" element includes 
parsed character data. The DTD requires the presence of the "usage" element on line 14 
because the "usage" element defines the usage rights for an asset. The "usage" element 
includes exactly one "asset" element, zero or one "display" element, zero or one "play" 
5 element, zero or one "execute" element, and zero or one "copy" element Subset B 
provides support for preview related rights such as "display", "play", "execute", and 
"copy" that are only used once, but does not support any super-distribution rights such as 
"copy" or "give". The DTD requires the "asset" element on line 15 because the "asset" 
element creates a reference to each asset associated with this voucher. The "asset" 

10 element includes zero or more "uid" elements. The DTD requires the "display" element 
on line 16 because the "display" element defines the rights to visually render an asset on a 
display device. The "display" element includes zero or one "constrain" elements. For 
subset B, "display" is a preview element and only allows rendering of an asset one time. 
The DTD requires the presence of the "play" element on line 17 because the "play" 

15 element defines the rights to render an asset into audio or video form. A visual asset that 
does not change over thne can be regarded as a "still video" and rendered using the 
"play" element as opposed to the "display" element. The "play" element includes zero or 
one "constrain" elements. For subset B, "play" is a preview element and only allows 
rendering of an asset one time. The DTD requires the presence of the "execute" element 

20 on line 18 because the "execute" element defines the rights to render an asset into 
machine-readable form. The "execute" element includes zero or one "constrain" 
elements. For subset B, "execute" is a preview element and only allows rendering of an 
asset one time. The DTD requires the presence of the "copy" element on line 19 because 
the "copy" element defines the rights to forward a copy of an asset to another user's 

25 terminal. The "copy element includes zero or one "constrain" elements. For subset B, 
"copy" is a preview element and only allows forwarding a preview copy of an asset. The 
DTD requires the presence of the "constrain" element on line 20 because the "constrain" 
element is used to ensure there is only one usage of the intent. The "constrain" element 
includes zero or one "count" elements and zero or one "datetime" elements. The DTD 

30 requires the presence of the "count" element on line 21 because the "count" element holds 
the one usage restriction. The "count" element includes parsed character data. The DTD 
requires the presence of the "datetime" element on line 22 because the "datetime" 
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element restricts usage based on time. The "datetime" element includes zero or one 
"start" element and zero or one "end" element The DTD requires the presence of the 
"start" element on line 23 because the "start" element sets a starting count or a starting 
date. The "start" element includes parsed character data. The DTD requires the presence 
5 of the "end" element on line 24 because the "end" element sets an ending count or an 
ending date. The "end" element includes parsed character data. 

Figure 5C illustrates an exemplary DTD for subset C of the Mobile Rights 
Voucher. The DTD is intended to deliver additional rights to the subset B voucher by 
supporting content usage controlled by the voucher system, super-distribution business 

10 models, possible binding to device IMEI, and possible protection. Line 1 defines the 
version and encoding scheme for the DTD shown in Figure 5C. Lines 2 through 5 are a 
comment. The DTD requires the presence of the "rights" element on lines 6 through 10 
because the "rights" element is the root element for the Mobile Rights Voucher object. 
The "rights" element includes zero or one "version" element, zero or one "admin" 

15 element, zero or one "transaction" element, one or more "usage" elements, and zero or 
one "protection" elements. The "version" element on line 11 is an optional requirement 
that is set to the version number for the DTD (e.g., "1.0). The "version" element includes 
parsed character data. The DTD requires the presence of the "admin" element on line 12 
because the "admin" element describes the entity for identifyiag resource of vouchers. 

20 The "admin" element includes one or more "uid" elements. The DTD requires the 
presence of the "uid" element on line 13 because the "uid" element represents a URI 
string. The "uid" element includes parsed character data. The DTD requires the presence 
of the "transaction" element on line 14 because the "transaction" element specifies 
payment-related information in a format that is defined by the type of payment chosen. 

25 The "transaction" element rucludes parsed character data. The "protection" element on 
line 15 is an optional requirement that stores protection ioformation for the content 
package. The "protection" element includes parsed character data. The DTD requires the 
presence of the "usage" element on lines 16 and 17 because the 'Visage" element defines 
the usage rights for an asset. Subset C provides flail support including super-distribution 

30 rights for intents such as "prinf , "display", "play", "execute", and "copy", but does not 
support the super-distribution rights for the "give" intent. The "usage" element includes 
one or more "asset" elements, zero or more "print" elements, zero or more "display" 
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elements, zero or more "play" elements, zero or more "execute" elements, zero or more 
"copy" elements, and zero or one "constrain" elements. The DTD requires the presence 
of the "asset" element on line 18 because the "asset" element creates a reference to each 
asset, the rights-holder, and any protection associated with this voucher. The "asset" 
5 element includes zero or more '*uid" elements, zero or more "rightsholder" elements, and 
zero or one "protection" element. The DTD requires the presence of the "rightsholder" 
element on line 19 because the "rightsholder" element enables the association of a rights- 
holder with a specified asset. The "rightsholder" element includes exactly one '"iiid" 
element. The DTD requires the presence of the **print" element on line 20 because the 

10 "print" element defines the rights to visually render an asset on a display device. The 
"print" element includes zero or one "constrain" element. For subset C, "print" is a 
preview element and only allows rendering of an asset one time. The DTD requires the 
presence of the "display" element on line 21 because the "display" element defines the 
rights to visually render an asset on a display device. The "display" element includes 

15 zero or one "constrain" element. For subset C, "display" is a preview element and only 
allows rendering of an asset one time. The DTD requires the presence of the "play" 
element on line 22 because the "play" element defines the rights to render an asset into 
audio or video form. A visual asset that does not change over time can be regarded as a 
"still video" and rendered using the "play" element as opposed to the "display" element. 

20 The "play" element includes zero or one "constrain" element. For subset C, "play" is a 
preview element and only allows rendering of an asset one time. The DTD requires the 
presence of the "execute" element on line 23 because the "execute" element defines the 
rights to render an asset into machine-readable form. The "execute" element includes 
zero or one "constrain" element. For subset C, "execute" is a preview element and only 

25 allows rendering of an asset one time. The DTD requires the presence of the "copy" 
element on line 24 because the "copy" element provides support for super-distribution of 
assets and the ability to duplicate narrowed vouchers. The "copy" element includes zero 
or one "constrain" element and one or more "narrow" elements. The DTD requires the 
presence of the "narrow" element on line 25 because the "narrow" element provides a hst 

30 of vouchers that will be duplicated with the content. The "narrow" element includes zero 
or more "uid" elements. The DTD requires the presence of the "constrain" element on 
line 26 because the "constrain" element is used to ensure there is only one usage of the 



wo 03/005145 



37 



PCT/IB02/02591 



intent. The "constrain" element includes zero or one "datetime" element, zero or one 
"count" element, and zero or more "individual" elements. The DTD requires the 
presence of the "datetime" element on hne 27 because the "datetime" element restricts 
usage based on time. The "datetime" element includes zero or one "start" element and 
5 zero or one "end" element. The DTD requires the presence of the "start" element on line 
28 because the "start" element sets a starting count or a starting date. The "start" element 
includes parsed character data. The DTD requires the presence of the "end" element on 
line 29 because the "end" element sets an ending count or an ending date. The "end" 
element includes parsed character data. The DTD requires the presence of the "count" 

10 element on line 30 because the "count" element holds the one usage restriction. The 
"count" element includes parsed character data. The "individual" element on line 31 is an 
optional requirement that provides the capability to associate the defined rights with a 
specified device or user. The "individual" element includes one or more "uid" elements. 
Figure 5D illustrates an exemplary baseUne DTD for the Mobile Rights Voucher. 

15 The baseUne DTD provides capabilities in addition to the capabilities provided in subset 
C. Line 1 defines the version and encoding scheme for the DTD shown in Figure 5D. 
Lines 2 through 6 are a comment. The DTD requires the presence of the "rights" element 
on lines 7 through 11 because the "rights" element is the root element for the Mobile 
Rights Voucher object. The "rights" element includes zero or one "version" element, 

20 zero or one "admin" element, zero or one "transaction" element, one or more "usage" 
elements, and zero or one "protection" elements. The "version" element on line 12 is a 
should reqiiirement that is set to the version number for the DTD (e.g., "1.0). The 
"version" element includes parsed character data. The DTD requires the presence of the 
"admia" element on hne 13 because the "admin" element describes the entity for 

25 identifying resoixrce of vouchers. The "admin" element includes one or more "uid" 
elements. The DTD requires the presence of the "uid" element on line 14 because the 
"uid" element represents a URl string. The "uid" element includes parsed character data. 
The DTD requires the presence of the '^transaction" element on line 15 because the 
"transaction" element specifies payment-related information in a format that is defined by 

30 the type of payment chosen. The "transaction" element includes parsed character data. 
The "protection" element on line 16 is a should requirement that stores protection 
information for the content package. The "protection" element includes parsed character 
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data. The DTD requires the presence of the "usage" element on lines 17 and 18 because 
the "usage" element defines the usage rights for an asset. The baseline DTD provides full 
support including super-distribution rights for intents such as "print", "display", "play", 
"execute", "copy", and "give". The "usage" element includes one or more "asset" 
5 elements, zero or more "print" elements, zero or more "display" elements, zero or more 
"play" elements, zero or more "execute" elements, zero or more "copy" elements, zero or 
more "give" elements, and zero or one "constrain" elements. The DTD requires the 
presence of the "asset" element on line 19 because the "asset" element creates a reference 
to each asset, the rights-holder, and any protection associated with this voucher. The 

10 "asset" element includes zero or more "uid" elements, zero or more "rightsholder" 
elements, and zero or one "protection" element. The DTD requires the presence of the 
"rightsholder" element on line 20 because the "rightsholder" element enables the 
association of a rights-holder with a specified asset. The "rightsholder" element includes 
exactly one "uid" element. The DTD requires the presence of the "print" element on line 

15 21 because the "print" element defines the rights to visually render an asset on a display 
device. The "print" element includes zero or more "constrain" elements. The DTD 
requires the presence of the "display" element on line 22 because the "display" element 
defines the rights to visually render an asset on a display device. The "display" element 
includes zero or more "constrain" elements. The DTD requires the presence of the "play" 

20 element on line 23 because the "play" element defines the rights to render an asset into 
audio or video form. A visual asset that does not change over time can be regarded as a 
"still video" aad rendered using the "play" element as opposed to the "display" element. 
The "play" element includes zero or more "constrain" elements. The DTD requires the 
presence of the "execute" element on line 24 because the "execute" element defines the 

25 rights to render an asset into machine-readable form. The "execute" element includes 
zero or more "constrain" elements. The DTD requires the presence of the "copy" element 
on line 25 because the "copy" element provides support for super-distribution of assets 
and the ability to duplicate narrowed vouchers. The "copy" element includes zero or 
more "constrain" elements and one or more "narrow" elements. The DTD requires the 

30 presence of the "give" element on line 26 because the "give" element provides support for 
transfer of an asset to another temiinal or user. The "give" element includes zero or more 
"constrain" elements aad one or more "narrow" elements. The DTD requires the 
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presence of the "narrow" element on line 27 because the "narrow" element provides a list 
of vouchers that will be duplicated with the content. The "narrow" element includes zero 
or more "uid" elements. The DTD requires the presence of the "constrain" element on 
line 28 because the "constrain" element is used to ensure there is only one usage of the 
5 intent. The "constrain" element includes zero or more "datetime" elements, zero or more 
"count" elements, and zero or more "individual" elements. The DTD requires the 
presence of the "datetime" element on line 29 because the "datetime" element restricts 
usage based on time. The "datetime" element includes zero or one "start" element and 
zero or one "end" element. The DTD requires the presence of the "start" element on line 

10 30 because the "start" element sets a starting count or a starting date. The "start" element 
includes parsed character data. The DTD requires the presence of the "end" element on 
line 31 because the "end" element sets an ending count or an ending date. The "end" 
element includes parsed character data. The DTD requires the presence of the "count" 
element on line 32 because the "count" element holds the one usage restriction. The 

15 "count" element includes parsed character data. The "individual" element on hne 33 is an 
optional requirement that provides the capability to associate the defined rights with a 
specified device or user. The "individual" element includes one or more "uid" elements. 

The XML embodiment of the Mobile Rights Voucher requires strict conformance 
with the implementation requirements described below. The requirements disclosed 

20 herein apply to every subset of Mobile Rights Voucher unless otherwise stated. 

A voucher is an atomic unit and cannot be specified in part or divided into parts. 
When a voucher is dehvered to a terminal it is associated with an identifier. The 
identifier is a valid URI, is dehvered with the voucher in the dehvery package, and is 
stored with the voucher on the terminal. Examples of the delivery packaging include 

25 multipurpose Intemet mail extensions (MIME), multimedia messaging system (MMS) 
and NSC. Valid URI schemes include URL and MSG-ID. This supports voucher 
identification which is necessary for distribution. 

An asset (i.e., an item of digital content) is associated with an identifier. The 
identifier is a vaUd URI. The identifier is delivered with the asset in the delivery package 

30 and is stored with the asset on the terminal. Examples of the delivery packaging include 
MIME, MMS and NSC. Vahd URI schemes include URL and MSG-ID. This supports 
asset identification and is critical for the expression of rights in the voucher. 
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A piece of digital content delivered as part of the Light DRM system has an 
associated rights voucher that contains the usage rights controlling access to the content. 
All access is governed through the voucher and the rights expressed within the voucher. 

A system that implements the Mobile Rights Voucher architecture disclosed 
5 herein must respect the rights expressed in the voucher. If a device receives a piece of 
content that includes a constrain element that contains a constraint type (e.g., count, 
datetime, or individual) that it cannot interpret, the entire constrain element is deemed to 
have failed and the device retums boolean "false". This ensures that no rights are lost. 
Thus, a voucher conforming to Mobile Rights Voucher Subset C which cannot be 
10 guaranteed to be understood on a terminal implementing Mobile Rights Voucher Subset 
B may be used if all constrain types in relevant constrain elements are understood by the 
Subset B conformant device. 

In addition, the implementation is able to associate each digital asset (i.e., piece of 
content) with the associated Mobile Rights Voucher. This is accomplished by linking the 
15 identifier references under the asset tag declaration in the Mobile Rights Voucher and the 
identifier reference dehvered with each digital asset or piece of content. This supports the 
independent delivery of the voucher and the associated content. 

The intent elements specified in the XML DTD support current content types. 
The implementing apphcations should use the most appropriate intent elements for their 
20 content. If an intent element is not declared then that intent element must not be invoked 
on the specified asset(s). An intent may contain several constrain elements that evaluate 
to a boolean value. For example: 

int entire suit 

= evaluation if an intent can be invoked or not 
25 = (true AND intent_constrain_result AND usage__constrain_result) 

When the result of the evaluation is "false" the intent has failed and the intent must not be 

invoked. For example: 

int ent_cons train_re suit 
30 = evaluation of ALL constrain elements expressed under an intent 

= (time AND cons trainee lement_l AND constrain_element_2 AND ... 
AND cons train_el amen t_N) 

When the result of the evaluation is "false" the intent constrain has failed and the result is 
35 used as part of the greater expression evaluation. The English description of the boolean 
expression is that both the constrain elements attached to an intent AND the usage 
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(default) constrain element must all be satisfied (i.e., evaluate to "true) before the intent 
can be invoked. 

A constraint element can be associated with either a usage element or an intent 
element. A constraint can have several types of constraints. The implementation is 
5 pessimistic. Thus, if any constraint for an intent element fails then that intent must not be 
invoked on the content. This supports combinations of individual and time expiry of 
content. This is a boolean expression evaluating to either true or false. For example: 

constrain_element 

= evaluation of all constrain- types under a constrain element. 
10 = {true AND constrain_type_l ATsTD constrain_type_2 AND ... 

AND constrain_type_N) 

When the result is boolean *Talse'' the constrain element has failed and this result is used 
as part of the greater expression evaluation. 
15 The constrain element that can be declared at the usage element level is a default 

constraint that is applied to all intent elements under that usage element. 

usage_constrain_result 

« (true AND constrain_type_l AND constrain_type__2 AND ... 
AND constrain__type_N) 

20 

When the result is boolean false the usage constrain has failed and this result is used as 
part of the greater expression evaluation. 

If an intent element contains no constrain elements then the asset can be used 
without restriction for that intent. 

25 If there are no intent elements declared, then the asset must not be used for any 

reason. This is a special case that is used to express "no-rights" to the specified assets. 

The count constraint iudicates the number of times an intent element can be 
invoked on an asset. The count element is a non-negative integer number and can include 
zero. The implementing system must maintain outside the voucher the current count for 

30 that voucher-usage-intent constrain element. Each count has its own variable and is 
updated separately. When the running total is equal to the count value in the voucher, the 
coxmt is considered expended. Thus, the content must not be used for that intent after the 
count is expended. This is referred to a "remaining rights*'. Invocation of an intent 
element that has multiple count constraints will cause each associated variable to be 

35 incremented upon the invocation of the intent element. 
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The datetime constraint indicates a period of time when an intent element can be 
invoked on an asset The datetime element may include an end element indicating the 
expiration date beyond which the content must not be used. If there is a st^ element 
then the asset must not be used before that point. If the start element is missing then the 
5 start time is the current time. The format for the value type is expressed as the complete 
representation, basic format for a calendar date. The textual format specifies a four-digit 
year, two-digit month, and two-digit day of the month. There are no textual separator 
characters between the year, month, and day of the month. The implementing system 
must ensure that vouchers are created consistently such that the start time is less than the 

10 end time. For release 1 (subsets A, B, and C) of the Mobile Rights Voucher the datetime 
element only support calendar dates. In addition, there are not remaining rights with the 
datetime element. Release 2 of the Mobile Rights Voucher will provide support for 
relative datetime periods and will include the time of day in addition to the calendar date. 
For release 2 of the Mobile Rights Voucher, the imiversal time constant (UTC) format 

1 5 will be used for the time of day. 

The individual constraint requires that the consuming terminal be able to match a 
locally stored unique identifier to the unique identifier included in the voucher. It is 
recommended that the unique identity is securely associated with to the terminal using 
either as an International Mobile Equipment Identity (IMEI) number or an identifier from 

20 a Wireless Identity Module (WIM). If this identity is not present in the terminal then the 
intent must not be used. The identity in the voucher is expressed as a URI. 

Distribution by copying the content is accomplished by a digital voucher stored at 
a user's node in the network. The user's node is the distributing terminal and can include 
the user's mobile or wireless device. The digital voucher authorizes the distributing 

25 terminal to cause the duplication of the specified primary or secondary content that may 
be located in the distributing terminal or elsewhere in the network. The receiving 
terminal can then download the duplicated copy of the content, based on the terms 
specified in the voucher. 

As shown in Figure 6, the Mobile Rights Voucher includes support for the 

30 distribution of content using a "copy" intent and a "give" intent. These are only two of 
the building blocks used in the creation of a content super distribution business. 
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The "copy" intent has the semantics to make a faithfixl duplicate of the content 
resulting in a new instance with the same specified rights (the "dupHcate" here refers to 
the new instance). The copier does not lose any rights to the content. The copied assets 
may have to be regenerated if the voucher is "personalized" (this will be discussed later). 
5 If a voucher does not contain a "copy" intent element then the specified assets and 
vouchers cannot be copied (or given). The copy operation is achieved using the Mobile 
Rights Voucher format, the user agent behavior, and some protocol elements. An 
ttnderstanding of copy will require reading each of these sections. 

The "copy" intent element specifies that the asset(s) defined in the enclosing 

10 usage are to be duplicated in preparation for forwarding. The forwarding is a feature 
supported by the application. Associated with a "copy" intent element are the usual 
constraints that have been discussed above and the "copy" intent must only be invoked if 
there is no satisfied constraint. 

Also included with the "copy" intent is the narrow element, hi the narrow 

15 element one must either specify the references for the vouchers that are to be duplicated 
in addition to the assets and then associated with those assets for forwarding, or if no 
voucher is specified the enclosing voucher is assumed to be implicitly specified. This 
perpetuated the requirement for voucher identifiers. The additional vouchers are extemal 
to the original voucher and could even be located on a separate system although this 

20 would greatly affect implementation. 

Figure 6 illustrates the distribution of content in a mobile environment using the 
Mobile Rights Voucher copy intent. In Figure 6, a user (not shown) coupled to 
distributing terminal 200 purchases some digital content and is copying or forwarding the 
digital content to receiving terminal 240. Resident in the memory of distributing terminal 

25 200 is content store 600 and voucher store 610. Content store 600 includes two pieces of 
digital content, primary content 602 and secondary content 604. Voucher store 610 
includes two vouchers, primary voucher 612 and secondary voucher 614. Primary 
voucher 612 is a "fiill rights" voucher that allows the user to render the content as many 
times as necessary, but elimiaates the fear of leaking rights by not allowing the 

30 duplication of the content. Primary voucher 612 includes pointers to primary content 602 
and secondary content 604. Secondary voucher 614 is a "preview" voucher that 
distributes a preview or one-thne copy of the content to another user. Secondary voucher 
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614 includes pointers to primary content 602 and secondary content 604. Piimary 
voucher 612 includes a reference, in the narrow element, to secondary voucher 614. 
Secondary voucher 614 includes a reference, in the narrow element, to secondary voucher 
614 to itself that allows secondary voucher 614 to create a duplicate of itself. 
5 If an application supports the Mohile Rights Voucher copy or forwarding feature, 

the user can invoke a forwarding operation to copy the content to another user coupled to 
receiving terminal 240. The "copy" intent associated with primary voucher 612 
duplicates primary content 602 as primary content 622, and signals secondary voucher 
614 to duplicate secondary content 604 as secondary content 624 and duplicate secondary 

10 voucher 614 as duplicate voucher 632. When the forwarding operation is complete, 
primary content 622, secondary content 624, and duplicate voucher 632 are resident in the 
memory of receiving terminal 240. Furthermore, duplicate voucher 632 includes pointers 
to primary content 622, secondary content 624, and a reference, in the narrow element, to 
itself that allows duplicate voucher 632 to create a duplicate of itself. 

15 A "personalized" voucher is a voucher that contains information that is specific to 

the terminal to which it is being sent. The "personalized" voucher includes individual 
and protection elements and sometimes includes admin and transaction elements. For any 
of these elements, but especially individual and protection, it will be necessary to 
regenerate the copied voucher before it can be forwarded to another user. This is 

20 performed either on the terminal itself or on the network. Termiaals must not modify 
vouchers for Mobile Rights Voucher release 1 except for identifier regeneration during 
copy. There are significant side affects that make sufficient implementation very 
difficult. Any regeneration of a voucher must take place at a Voucher server on the 
network. There is a protocol for this that is explained later. 

25 The "give" intent has the semantics that one gives away rights to another party. 

Thus, after invoking the "give" intent, the giver may be left with no rights to the given 
content. The give operation is very similar to the copy operation described above with 
the following key differences. 

The content is duplicated similar to the copy operation, however, the given usage 

30 rights are removed firom the givers voucher. In fact, the vouchers are queued for dehvery 
to the target terminal. The giver creates a "no-rights" voucher in the place of the given 
voucher. This is achieved by duplicatitig the original voucher and then removing the 
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intents from the usage block. It is useful for giver to maintain the admin and transaction 
information firom the original voucher. 

Again there is an issue of "personalized" vouchers such that the give would have 
to involve a regeneration process of the given voucher. The issues are the same as with 
5 copy. Thus, give is performed with the aid of an intermediary voucher server rather than 
performing the give from one terminal to another. 

The remaining rights differ from the "copy" intent. When a voucher is given to 
another party only the remaining rights from that voucher can be given. In this scenario, 
the giver uses an intermediaiy voucher server rather than performing the give from one 
10 terminal to another. 

Usage rights may be defined as unlimited or limited. In the case of unlimited 
rights, remaining rights are always equal to original rights. 

Limited rights fall into one of two categories, rights that are unaffected by actual 
usage, and rights that are reduced by usage. 
15 Limited rights that are unaffected by usage include "the right to use an asset until 

a specified datetime". The remaining rights of the asset is "until that date and time". 

Limited rights that are affected by usage include "use the asset COUNT number 
of times" and "use the asset for INTERVAL nxunber of seconds" (not in Mobile Rights 
Voucher, Release 1). The remaining rights of the asset are the COUNT or INTERVAL 
20 currently unused. Use is defined as either PLAY/DISPLAY/etc. or GIVE. 

Copy must not take account of remaining rights. When copy is invoked on a 
voucher it must make an exact duplicate of the expressed rights. 

End-to-end solutions are required to protect content and the vouchers that 
authorize use of that content. There are three areas in which content may be attacked by 
25 hackers within a closed-distribution mobile environment. If a closed environment is 
undesirable or is too expensive to achieve, the only altemative is to ensure that the 
content is protected. This will require that parts of the voucher also be protected. 

First, content is subject to attack by hackers in a closed-distribution mobile 
environment on the Service Provider server. Protection on the server is achieved by 
30 implementing proper secure environments and premises combined with appropriate 
mechanisms to guarantee that only paying customers have access to the content. Since 
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the compromise of a server will result in theft of all content, similarly strong security is 
assumed for server for all categories of time value of content. 

Second, content is subject to attack by hackers in a closed-distribution mobile 
environment while in transit from the Service Provider to the device. Technologies for 
5 securing content in transit include secure socket layer (SSL) or wireless transport layer 
seciirity (WTLS) for session-based protection and encrypted content and vouchers that do 
not depend upon encrypted communication lines. 

Third, content is subject to attack by hackers in a closed-distribution mobile 
environment while stored on the device. It is important to note that even if content is 

10 protected while in transit, once it is stored in the device it is vulnerable to attack. 
Solutions include hardware and tamper resistance techniques, persistently protecting the 
content using encryption techniques such as RSA or Diffie-Hellman encryption, and a 
combination of tamper resistance and encryption. The protection strategy depends on 
features of the device and the time-sensitive nature of the content. 

15 The Mobile Rights Voucher can be used in solutions where the content is of a 

very low value but is distributed in a very large volimie. In this environment, distribution 
costs are very low. hi addition, the need for protection is balanced with the content value, 
cost of protection (terminal and network infrastmcture) and the consumer usabiUty issues. 
If the Mobile Rights Voucher protects the operatmg environment, it is not possible 

20 for content with associated Mobile Rights Voucher vouchers to be distributed outside the 
operating environment. This is termed a "closed system" approach. The major cost in 
this solution is to engineer terminals that will respect this restriction for content with 
vouchers and to ensure that inter-operating terminals (developed by other vendors) will 
also respect the closed system requirement On the other hand, if the Mobile Rights 

25 Voucher protects the content, even if content is leaked it is unusable due to the protection. 
Encryption is the typical mechanism used to achieve this. The major cost in this solution 
is the creation of a terminal key for each terminal and protecting those keys and the 
associated key infrastructure required for managing the system. 

Mobile Rights Voucher will support basic protection facilities. It is possible that 

30 the assets referenced in the voucher are protected (e.g. using encryption). If the assets are 
protected, a protection instrument (e.g. decryption key) would be necessary to open the 
asset. This protection instrument could arrive to the consuming device prior to the 
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purchase, with the purchase, or as part of a separate transaction. If the protection 
instrument arrives prior to the purchase, an instrument can be manufactured into the 
device or provisioned to the device. If the protection instrument arrives with the 
purchase, the instrument can be deUvered to the device in a voucher as part of the asset 
5 purchase transaction. If the protection instrument arrives as part of a separate transaction, 
the instrument can be deUvered to the device by means other than a voucher as part of the 
asset purchase transaction. 

The Mobile Rights Voucher accounts for the protection instrument arriving with 
the purchase. The Mobile Rights Voucher supports this with a protection element that 
10 can carry the protection instrument (e.g. a decryption key) that can open the protected 
asset(s). Since protecting assets without protecting the protection instrument that can 
open the asset provides little additional security, it is reasonable to expect that the 
protection instrument will itself be protected (e.g. by encryption). If the protection 
instrument is secured in some way there is a system external to the voucher system which 
15 enable access to the secured protection instrument. This part of the protection scenario is 
outside the scope of Mobile Rights Voucher. 

The Mobile Rights Voucher protection element is a container for meta- 
information for protection related information that might be transmitted with the voucher. 
Since ODRL does not support any protection features, the Mobile Rights Voucher is 
20 adding these protection features to the ODRL specification. 

The XML embodiment of the Mobile Rights Voucher defines the following 
headers for use with either an HTTP header or a MIME header. These headers have been 
defined for the purpose of exchanging vouchers between entities. For different transport 
systems the following are repUcated. These are needed to support content distribution 
25 where the voucher requires regeneration from a Voucher Server. 

x-mrv-giveVoucherSend Used to indicate to a voucher server that the 

associated voucher is to be handed to another 
entity. The final receiving entity will identify 
itself using the x-mrv-drv-voucherlndex header. 
30 The element can take the parameters "req" and 

*'resp". 
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x-mrv-voucherlndex Used to indicate to the receiver that the attached 

voucher should be used to automatically retrieve 
a new voucher from the location defined by the 
ADMIN element definition. It is possible that 
5 the Voucher Server would attempt to 

authenticate the receiver at this point 

Accept-content Takes a list of accepted media types as 

parameters. If the device indicates that it 
supports the Mobile Rights Voucher media type 
10 it also must adhere to the roles of at least the 

MIN profile. 

x-mrv-mode Indicates to the receiver which versions of 

Mobile Rights Voucher are supported by the 
client. 

15 The source terminal of the copy operation can send the voucher to be copied, as 

well as the asset, to the destination or target terminal of the copy operation. The voucher 
may be defined using a narrow attribute. 

Figure 7 illustrates the Mobile Rights Voucher non-personalized copy process for 
sending a preview copy of protected digital content. In Figure 7, a user (not shown) 

20 coupled to distributing terminal 200 purchases some digital content and wants to send an 
unedited preview copy of the digital content to receiving terminal 240. Primary content 
702, primary voucher 712, and secondary voucher 714 are resident in the memory of 
distributing terminal 200. Primary voucher 712 is a "full rights" voucher that allows the 
user to render the content as many times as necessary, but eliminates the fear of leaking 

25 rights by not allowing the duplication of the content. Primary voucher 712 includes 
pointers to primary content 702 and a reference, in the narrow element, to secondary 
voucher 714. Secondary voucher 714 is a "preview" voucher that distributes a preview or 
one-time copy of the content to another user. Secondary voucher 714 includes pointers to 
primary content 702, and a reference, in the narrow element, to itself that allows 

30 secondary voucher 714 to create a duplicate of itself. 

If an application supports the Mobile Rights Voucher non-personalized copy 
feature, the user can invoke a forwarding operation to copy the content to another user 
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coupled to receiving terminal 240. When the user selects to send a preview voucher to 
receiving terminal 240, the distributing terminal 200 retains the rights to primary content 
702 and continues to maintain primary voucher 712 and secondary voucher 714. The 
"copy" intent associated with secondary voucher 714 duplicates secondary voucher 714 
5 as duplicate voucher 732 and duplicates primary content 702 as primary content 722. 
Distributing terminal 200 may transfer primary content 722 and duplicate voucher 732 to 
receiving terminal 240 separately or as a single unit. When the non-personalized copy is 
complete, primary content 722 and duplicate voucher 732 are resident in the memory of 
receiving terminal 240. Furthermore, duplicate voucher 732 includes a pointer to primaiy 

10 content 722, and a reference, in the narrow element, to itself that allows duplicate voucher 
732 to create a dupUcate of itself. 

The protocol for a personalized give covers the case when a regeneration of a 
voucher is necessary such as changing the protection, removing personal information in 
an admin or transaction, and updating individual constraints. A "give" intent require 

15 attention to the remaining rights because the receiver must not receive more rights than 
there are remaining on tlie giver's terminal. 

The client knows when a voucher regeneration is required if it is to give a voucher 
to a target and his own voucher is personalized, or if the usage rights defined by the 
narrow attribute indicate that the voucher is personalized for himself rather than the 

20 intended receiver. 

The client sends a copy of his voucher to the voucher server using an HTTP POST 
operation. The voucher server recognizes the give intent semaatics by tlie header "x-mrv- 
giveVoucherSend" with the parameter "req". The voucher server responds with a "given 
voucher reference" when the giving entity receives this reference he has logically 

25 performed the give operation, and lost usage rights. The given voucher reference is a 
voucher that includes the administrative mformation, that includes the reference index, 
and no rights to the asset. The response message includes the header "x-mrv- 
giveVoucherSend" with the parameter "resp". 

The reference index is formatted as a parameter to the administrative URI. The 

30 format of this parameter is up to the voucher server. The mechanism to transport the 
"given voucher reference" can be done by any peer-to-peer transport mechanism that both 
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entities are known to support and should be identified in the header with a "x-mrv- 
voucherlndex" element. 

The target client receives the reference voucher, potentially in combination with 
the asset, and contacts the voucher server defined by the administrative element, and the 
5 parameters that identify the particular voucher. The voucher server recognizes the give 
semantics by the unique administrative URI that is used by the client. The voucher server 
responds with a new personalized or protected voucher. 

The giving entity does not at any point know the identity of the receiving device. 
This makes the "give" process Ught-weight, and even anonymous between the two parties 

10 of the transaction, with only reasonable compromise to security. The giving entity does 
only need to know the "messaging address" of the intended give receiver. 

The "give" mechanism and the transactions between chents and voucher server 
are fiiUy automatic. User interactions should not be inserted in the client-server 
interaction. The mechanism above can be described as "I want to give this content to 

15 someone to whom I will give the index created by the voucher server". 

Distribution by giving the content is accomplished by a digital voucher stored at a 
user's node in the network. The user's node is the distributing terminal and can include 
the user's mobile or wireless device. For example, the digital voucher can authorize the 
distributing terminal to cause the giving of a preview copy of a digital asset to a receiving 

20 terminal. The digital asset may be located in the distributing terminal or elsewhere in the 
network. The user invokes a give operation m the distributing terminal, to send a copy of 
a secondary voucher specifying the preview rights, to a voucher server. The voucher 
server recognizes the give operation and responds with a reference voucher that includes 
an indication of no rights to the primary content. The distributing terminal receives the 

25 reference voucher from the voucher server. The distributing terminal then sends the 
reference voucher to the receiving terminal. The receiving terminal can then send a 
request to the voucher server, requesting a new secondary voucher. The new secondary 
voucher confers the same preview rights onto the receiving terminal as are available to 
the distributing terminal. Later, the receiving terminal can purchase a primary voucher 

30 fi'om the voucher server, to obtain the same rights to the primary content as are possessed 
by the distributing terminal. 
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Figure 8 illustrates the protocol for the Mobile Rights Voucher personalized give 
process for sending a preview copy of protected digital content. In Figure 8, a user 
coupled to distributing terminal 200 purchases sonae digital content and wants to send an 
unedited preview copy of the digital content to receiving terminal 240. Primary content 
5 802, primary voucher 812, and secondary voucher 814 are resident in the memory of 
distributing terminal 200. Primary voucher 812 is a "fiill rights" voucher that allows the 
user to render the content as many times as necessary, but eliminates the fear of leaking 
rights by not allowing the dupUcation of the content. Primary voucher 812 includes 
pointers to primary content 802 and a reference, in the narrow element, to secondary 

10 voucher 814. Secondary voucher 814 is a "preview" voucher that distributes a preview or 
one-time copy of the content to another user. Secondary voucher 814 includes pointers to 
primary content 802, and a reference, in the narrow element, to itself that allows 
secondary voucher 814 to create a duplicate of itself. 

If an application supports the Mobile Rights Voucher personahzed give feature, 

15 the user can invoke a forwarding operation to copy the content to another user coupled to 
receiving terminal 240. When the user selects to send a preview voucher to receiving 
terminal 240, a copy of secondary voucher 814 is sent to voucher service 840 using the 
'*x-mrv-giveVouclierSend" HTTP POST header. Voucher server 840 responds to 
distributing terminal 200 with a "given voucher reference". Distributing terminal 200 

20 forwards the "given voucher reference" to receiving terminal 240, the target of the give 
operation. The asset may also be sent during this transmission with a "no-rights" 
voucher. At this point, distributing terminal 200 deletes primary voucher 812, leaving 
only secondary voucher 814, a ^'no rights" voucher. Receiving terminal 240 sends a 
message to voucher service 840 requesting the regenerated voucher on presentation of the 

25 "given voucher reference". Voucher service 840 responds to receiving terminal 240 with 
the regenerated voucher such that it only contains the remaining rights and the 
personahzed information is changed for the new target. 

If digital content is meant to have rights associated with it, and those rights will be 
delivered independent of the content and possibly after content distribution to the 

30 terminal, there is a need to express concisely that the user 'currently' has no rights to the 
content. Thus, the main requirement for Mobile Rights Voucher Subset A is the 
expression of "no-rights". 
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The following is an exemplary voucher that demonstrates the minimal "no-rights" 
voucher with an assumed asset: 

<rights> 
<usage> 

5 <asset></asset> 

< /usage > 
< /right s> 

The above example is the minimum because the usage contains no asset declaration. This 
10 implies that this voucher is associated with the content in the same package whether a 
MIME multi-part or an MMS package. 

The following is an exemplary voucher that demonstrates the minimal "no-rights" 
voucher with a declared asset: 



15 



<righ.ts> 
<usage> 

<asset> 

<uid>mid:batmanlogo345684567®city . f i</uid> 
</asset> 
</usage> 
20 </rights> 

The above example declares the asset to allow for independent dehvery of the asset and 
content. This voucher supports automatic content delivery and user initiate content 
request. 

25 The following is an exemplary voucher that demonstrates a "no-rights" voucher 

with a declared asset and an administrative identifier: 

<rights> 
<admin> 

<uid>littp : / /www, media- sampo . com/</uid> 
30 </adTnin> 

<usage> 

<asset> 

<uid>mid:batmanlogo345684567@city . f i</uid> 
</asset> 
35 </usage> 
< /right s> 

The above example declares the asset to allow for independent delivery of the asset and 
content. This voucher supports automatic content deUvery and user initiate content 
40 request. The addition of the "admin" tag enables the user to contact the voucher service 
or a retail service to buy a voucher with rights for the specified content. 

The Mobile Rights Voucher Subset B requirements are to support content 
preview, content save, and simple forwarding enabled or disabled. The content types that 



wo 03/005145 



53 



PCT/IB02/02591 



Mobile Rights Voucher Subset B supports include ringing tones, operator logos and 
conunand line interface (CLI) graphics, screen savers, and Java applications. 

The following is an exemplary voucher that demonstrates the independent content 
preview capability with forwarding disabled (i.e., no copy intent): 

5 <rights> 

<usage> 

<asset></asset> 
<display> 

<constrain> 
10 < count >!</ count > 

</ constrain> 
</display> 
</usage> 
</riglits> 

15 

Since the usage tag in the above example does not contain an asset declaration, it has an 
implicit reference relationship with the content object. The asset is visual because the 
intent is to display. The intent is further constrained to display the content only one time. 
This means it is a preview and one may not want it saved on the device, but note that even 

20 if the content is saved the count will be used up after one. When the usage count 
decreases to zero, it is safe to leave the content in the device because the preview voucher 
will indicate that no usage rights exist for the preview voucher. Finally, as there is no 
copy clause in the voucher the asset is forwarding disabled. This happened by default 
when copy elements are not present. 

25 The following is an exemplary voucher that demonstrates the independent content 

preview capabiUty with forwarding enabled (i.e., a copy intent): 

<rights> 
<usage> 

<asset></aaset> 
30 <di splay > 

< cons train >< count > 1</ count ></ cons train> 
</display> 

<copy></copy> <!- this will enable forwarding 
</usage> 
35 </rights> 

The above example is similar to the previous example with the addition that the implicit 
reference to the asset and the implicit voucher itself can be copied for distribution (i.e., 
forwarding is enabled). 
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10 



The following is an exemplary voucher that demonstrates the independent content 
save or full rendering rights capability and including forwarding disabled (i.e., no copy 
intent): 

<rights> 
<usage> 

<asset>< /asset > 
<display></di splay > 
</usage> 
</rights> 



Since the usage tag in the above example does not contain an asset declaration, the 
voucher is associated with the content in the same package whether a MIME multi-part, a 
MMS or a generic XML package. The asset is visual because the intent is to display. 
Since the intent is not constrained, the content can be saved to the terminal as there are 
15 remaining rights and the content is likely to be used repeatedly. 

The following is an exemplary voucher that demonstrates the voucher when it is 
embedded into a generic XML package: 

<Generic XML Container > 
<Version>l . 0</Version> 
20 < Content > 

<Meta> 

<rights> 

<usage xmlns = "MRVsubsetbl . 0 " > 
< asset ></ as set > 
25 <display></d.isplay> 

</usage> 
</rights> 
</Meta> 

<Type>vnd . nok . screens aver </Type> 
30 <Format>b64</Format> 

<Data> 

<1--Base64 encoded content inf ormation- - 
-~Base64 encoded content inf ormation 
--Base64 encoded content inf ormation- - 
35 --Base64 encoded content inf ormation- - 

--Base64 encoded content inf ormation- - 
--Base64 encoded content inf ormation- -> 
</Data> 
< /Content > 
40 </Generic XML Container> 

In the above example, the full display rights are embedded into a Smart Content Object 
package and associated with the content element of the parent of the Smart Content 
Object. The voucher is very small. 
45 The following is an exemplary voucher that demonstrates the voucher when it is 

embedded into a MIME multi-part package: 
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MIME -Vers ion : 1.0 

Content-type: multipart /mixed; boundary^ " simple boundary" 
--simple boundary 
Content-type: text/MRV; 
5 < right s> 

<usage> 

<asset>mid : l®a -b< /asset > 
<display></ display > 
< / usage> 
10 </ right s> 

--simple boundary 

Content-type: vnd. nok. Screensaver; Content -transfer- encoding : base64 
Message -ID: <l®a.b> 

--base64 encoded content information 
15 --base64 encoded content information 

--base64 encoded content information 

--base64 encoded content information 

--base64 encoded content information 
--simple boundary- - 

20 

In the above example, the full display rights are embedded into a MIME multi-part 
package and associated with the content element of the parent voucher. Thus, the 
voucher is very small. 

Figure 9 depicts a network environment for distributing a Mobile Rights Voucher 

25 that presents voucher related issues and example vouchers. In the use case scenario 
shown in Figure 9, a sending user (not shown) coupled to sending terminal 900 accesses 
content service 930 and voucher service 940 via cellular network 130 to purchase two 
screen savers. Since the sending user is happy with the purchase, sending terminal 900 
forwards a preview copy of the screen savers to receiving terminal 910 via personal area 

30 network 120. A receiving user (not shown) views the preview copy of the screen savers 
to evaluate the screen savers. If the receiving user is happy with the screen savers, 
receiving termmal 910 can purchase a full-right version of the screen savers from content 
service 930 and voucher service 940 via cellular network 130. 

In the first step in the use case scenario, when sending terminal 900 purchases two 

35 screen savers, his terminal receives an MMS message that contains two assets, one for 
each screen saver. The MMS message also contains a full rights voucher and a preview 
voucher. The full-right voucher is personalized for sending terminal 900 and supports 
forwarding a preview copy to another user for a limited period of time. The preview 
voucher allows a one-time preview of the assets and supports forwarding of the preview 

40 voucher to another user for a limited period of time and contains a reference to a service 
where another user can purchase a full voucher. 
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An exemplary full voucher for sending terminal 900 may appear as follows: 

<?xml version^" 1 . 0 " encodings "UTF- 8 "? > 
<!DOCTYPE rights SYSTEM "C : \MRV1 . 0 -subsetC . dtd" > 
<rights xmlns : xlink= "MRVl . 0 . 3 " xnilns=: "MRVl . 0 . 3 "> 
5 <versioii>l . 0 . 3</version> 

< admin > 

<uid>http : //www. media- sampo . coni/ScreenSaverService</uid> 
</ admin > 

<transaction>TID : 3457345987 -6789-9</transaction> 
10 <usage> 

<asset> 

<uid>mid: tropicalsunset . 34565 834 7@digitalshop. com</uid> 
< ! --<protection>content protection would go 
liere</protection> ~ - > 
15 </asset> 

<asset> 

<uid>mid runderwaterdivert . 345658347@digitalshop . com</uid> 
< ! - - <protection>Gontent protection would go 
h.ere</protection>- - > 
20 </asset> 

< di splay >< / di sp 1 ay > 
<copY> 

<constrain> 
<datetime> 

25 <end>2 0 010 83 0</end> 

</datetime> 
</ constrain> 
<narrow> 

<uid>mid : previewvoucher .343453 34 4@digi tal shop - com< / uid> 
30 < / nar row> 

</copY> 
<constrain> 

<individual><uid>IiyiEI : 123456789123459</uid></individual> 
</constrain> 
35 </usage> 

< I - -<protection>The integrity would go here</protection>--> 
< /rights > 

In the exemplary full voucher shown above, the "admin" element points to the service 
40 where the voucher was purchased. Some personal transaction information is delivered for 
sending temiinal 900. Assets are declared. There is a full rights voucher for display of 
the screen savers. There is a time limited copy intent that can copy the content and only 
the preview voucher. Finally, the individual constraint at the usage level locks this 
voucher to the sending terminal 900 terminal for all intents, therefore, it is not necessary 
45 to declare it multiple times. 

The preview voucher for sending terminal 900 would appear as follows; 
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<?XTnl version="l . 0" encodiiig="UTF~8 " ?> 
<!DOCTYPE rights SYSTEM " C : \MRV1 . 0 -subsetC . dtd" > 
<rights xmlns :xlink="MRVl . 0 , 3" xmlns="MRVl . 0 . 3 " > 
<version>l . 0 . 3</version> 
5 <adniin><uid>http : //www.media- 

sampo . com/ScreenSaverService</uid></admin> 
<usage> 

<asset > 

<uid>mid: tropicalsunset .345658347@digitalsiiop . cora</uid> 
10 < ! - -<protection>content protection would go 

here</profcection>--> 
</asset> 
<asset> 

<uid>mid:underwaterdivert .34565 8347@digitalshop.com</uid> 
15 < I -~<protect±oii> content protection would go 

iiere</protection>-- > 
</asset> 
<display> 

<constrain> 
20 <count>l</count> 

</constrain> 
</displaY> 
<copy> 

<constraiii> 
25 <datetime> 

<end>2 001083 0</end> 
</datetiTne> 
</constrain> 
<narrow> 

30 <uid>Tnid:previewvoucher. 3434 533 44@digitalsliop.com</uid> 

</narrow> 

< / copy > 
</usage> 

< 1 - -<protection>The integrity would go here</protection>--> 
35 </rights> 

Note that the above preview voucher does not contain any trmsaction information, titie 
preview is not locked to any terminal by use of individual, the preview is Umited to a 
single viewing, and the voucher allows itself to be forwarded for a limited period of time. 

40 In the second step in the use case scenario, when sending terminal 900 forwards a 

preview voucher to receiving terminal 910, receiving terminal 910 receives an MMS 
message that contains two assets, one for each screen saver. The MMS message also 
contains a preview voucher that allows a one-time preview of the assets and supports 
forwarding of the preview voucher to another user for a limited period of time and 

45 contains a reference to a service where another user can purchase a full voucher. 

The preview voucher for receiviag terminal 910 is the same as the preview 
voucher for sendmg terminal 900. Receiving terminal 910 can preview the screen savers 
with the preview voucher. Receiving terminal 910 will preview the screen savers and 



wo 03/005145 



58 



PCT/IB02/02591 



decide if he wants to purchase his own full rights copy of the screen savers. If he decides 
to purchase the screen savers he would select this option on liis terminal. The preview 
contains a reference m the "admin" tag to a Voucher Service that retains a full right 
voucher that receiving terminal 910 can purchase. As a response to the request to 
5 purchase a fixU rights voucher, receiving terminal 910 will receive the following voucher 
that will give him the same rights as sending terminal 900. 

<?xml versions " 1. 0" encoding="UTF-8 " ?> 
<!D0CTyPE rights SYSTEM " C : \MRV1 . 0-subsetC . dtd" > 
<rights xmlns :xlink= "MRVl . 0 . 3 " xmlns = "MRVl . 0 . 3 " > 
10 <version>l . 0 . 3</version> 

<adTiiin> 

<uid>http : //www. media- sampo. com/ScreeiiSaverService</uid> 
</admin> 

<transaction>TID : 3647589987-5677-9</transaction> 
15 <usage> 

<asset> 

<uid>mid: tropicalsunset . 345 658347®digitalsliop . com</uid> 

< 1 --<protection>content protection would go 

h.ere</protection>- - > 
20 </asset> 

<asset> 

<uid>niid:underwaterdivert . 34565 834 7@digitalshop. com</uid> 
< ! --<protection>content protection would go 
liere</protection>--> 
25 </asset> 

<display></di splay > 
<copy> 

<constrain> 
<datetime> 

30 <end>2001083 0</end> 

</datetime> 
</constrain> 
<narrow> 

<uid>mid:previewvoucher . 343453 344®digitalshop . coin</uid> 
35 </narrow> 

< / copy > 
<constrain> 

< individual > 

<uid>IMEI :343586722223454</uid> 
40 < /indi vidua 1> 

</constrain> 
</usage> 

< 1 - -<protection>The integrity would go liere</protection>- -> 
</rights> 

45 

In the third and final step in the use case scenario, when receiving terminal 910 
decides to purchase a full-rights version of the screen savers, receiving terminal 910 
receives an MMS message that contains two assets, one for each screen saver. The MMS 
message also contains a preview voucher that allows a one-time preview of the assets and 
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supports forwarding of the preview voucher to another user for a limited period of time 
and contains a reference to a service where another user can purchase a full voucher. 

Another embodiment of the Mobile Rights Voucher maps the Mobile Rights 
Voucher DTD into a single Wireless AppUcation Protocol (WAP) Binary XML 
5 (WBXML) code space. WBXML is a binary representation of XML that is designed to 
reduce the transmission size of XML documents and allows more effective use of XML 
data on narrowband conamuaication channels. The Mobile Rights Voucher DTD is 
assigned the WBXML document pubUc identifier associated with the Formal Pubhc 
Identifier (FPI) such as "-//NOKIA//DTD Mobile Rights Voucher 1.0//EN". The Mobile 
10 Rights Voucher format DTD is mapped into tokens from a single code page, "00", 
associated with the FPI "V/NOKTAZ/DTD Mobile Rights Voucher 1.0//EN". The 
following WBXML token codes represent elements (i.e., tags) from the code page xOO 
(zero) of the Mobile Rights Voucher DTD. The WBXML encoding of the XML elements 
is shown in Table 1. 
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XML Type Name 


WBXML Tag Token 
(JtLexaaecimai vaiue) 


Kjignts 


AC 


V ersion 


Uo 


Acutnin 


U/ 


uid. 


AO 

(Jo 


1 ransaction 


AA 


Protection 


A A 

OA 


Usage 


ATI 

013 


Asset 


A/^ 

oc 


Rightsholder 


VD 


Print 


A"D 

Oii 


Display 


AT? 

OJb 


riay 


10 


Execute 


1 1 


Copy 


12 


Give 


13 


Narrow 


14 


constram 


1 J 


Count 


16 


Start 


17 


End 


18 


Datetime 


19 


Individual 


lA 



Table 1 

Using Independent Clearinghouses for Monitoring Digital Rights Transfer 
Transactions 

An important aspect of digital rights management is the design of mechanisms 
5 that can enable various types of revenue sharing among the players involved (e.g., 
publishers, resellers, etc.)- This invention proposes a flexible and scalable mechanism. 

New copies of digital content can be created effortlessly. This enables large-scale 
distribution and super-distribution of the content. To share revenue effectively, the 
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creation of new copies needs to be accurately monitored. Typically, a clearinghouse 
monitors the copies and may be tightly integrated with the DRM system (e.g., a single 
global clearinghouse, or a single network of clearinghouses). 

The described scheme for reporting new copies is extremely flexible. In the most 
5 general case, this scheme allows anyone to run a clearinghouse. The device manufacturer 
may also choose to limit the clearinghouse functionality only to clearinghouses certified 
(directly or indirectly) by the manufacturer. Our scheme also specifies the clearinghouse 
on a per-content basis (rather than assuming a single global clearinghouse, or a single 
clearinghouse network). This allows several independent clearinghouse networks to exist 

10 in parallel. Further, the method provides for dormant rights. 

We assume that the rights for a copy of some content are encoded in a voucher in 
such a way that only the intended compliant device will be able to use that copy. This 
does not prevent the device from giving away its rights to another device, by creating a 
new voucher and deleting its own. A voucher contains information about the 

15 clearinghouse responsible for that content and may include the name of the clearinghouse, 
its public signature verification key, and a network address (e.g., URL) where the creation 
of new copies of this content can be reported. The voucher also specifies whether the 
device importing the voucher needs to report the existence of the copy to the 
clearinghouse. 

20 When a voucher is imported to a compliant device, the device will perform the 

following checks: 

1 . Whether this copy should be reported? 

2. If the copy should be reported, does the device have a way of reporting to the 
clearinghouse specified by the voucher? If not, mark the voucher as disabled in this 

25 device. 

3. If the copy does not need to be report, import the voucher and mark it as enabled in 
this device, subject to any other restrictions. 

4. After the copy is reported, the voucher will be marked as reported, so that it need not 
be reported again. 

30 When a compliant device makes a new copy for another device (e.g., during 

super-distribution), it may either report the copy to the clearinghouse by itself, or set a 
flag in the new voucher so that the receiving device will report it. Note that if the 
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receiving device cannot report the copy, the voucher will be marked as disabled in that 
device. But the receiving device may still either give the right away, or make new copies 
for other devices. Effectively, this allows devices to act as a vector that carries a dormant 
right. Super-distribution of receiver-reported copies is even allowed when the super- 
5 distributor does not have the right to use the content. Dormant rights will become active 
if and when the rights arrive at a device that can report them to the clearinghouse. This 
may increase the scope and speed of super-distribution, just as biological vectors increase 
the scope and speed of infection. 

Independent mechanisms may be used to control how the reporting is to be done 

10 (e.g., on-line or off-line, whether reporting may be delayed until network connectivity is 
obtained, how to limit use while report is pending etc.). These independent mechanisms 
require the registration of devices with one or more clearinghouses. But the devices 
could still import and use vouchers referring to other clearinghouses if the device can find 
a suitable trust chain (starting from the clearinghouses mentioned in the voucher and 

15 ending in a clearinghouse with which the device is registered). If not, step 2 above will 
fail. 

A manufacturer may configure its devices so that it will only agree to report to 
clearinghouses that are certified by the manufacturer. In this case, when a voucher is 
imported, the device will check whether a manufacturer (directly or indirectly) certifies 

20 the specified clearinghouse. If not, step 2 above will fail. Certifying clearinghouses may 
allow the manufacturer to charge the certified clearinghouses. But technically, such a 
certificate is not necessary. A comphant device may enforce vouchers for any 
clearinghouse. This may enable widespread grass-roots level pubUshing of content. 
Charg in g-Independent Method for Containiiig Off-Line Super-Distribution of 

25 Material with a Monetary Value in a DRM Environment 

One of the bigger hindrances of off-line (ad-hoc) super-distribution is the 
collection of rights and other charges. This invention formulates a method for partially 
guaranteeing that all players in a DRM transaction eventually get their dues. The solution 
has been developed with a mobile music player in mind, but applies as well to any kind of 

30 digital content in a DRM scheme. 

DRM infrastructures generally enforce protected distribution and presentation of 
digital content so that digital rights can be protected and necessary charges collected for 
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the rights owners. Payment or charging solutions, with the exception of some electronic 
payment solutions, normally require network interaction with a charging server of some 
sort. In an ideal DRM model, users should be able to spread or move content between 
themselves in various manners defined by the rights associated with the content. One 
5 model allows content distribution to be charged for between users outside of network 
coverage (only peer-to-peer connection between users). This model usually either 
assumes the existence of a payment scheme that is integrated with the DRM or that the 
selling user has purchased additional rights in the first place that he then can sell forward 
in the off-line case. Related problems usually involve currency conversions, taxation 
10 requirements and distribution of monetary value to all involved partners in the 
distribution chain. 

Previously, this problem was solved by: 
1. Enforcing a network connection tlirough a ubiquitous network connection (e.g. 
distribute content over infrared); 
15 2. Including a payment scheme in the DRM infrastructure; and 

3. Requiring the purchasing user to purchase "additional" rights in advance, in the form 
of a "season ticket" or equivalent. 
This solution is: 
1 . Independent of the payment or charging mechanism; and 
20 2. Makes ad-hoc or "spur of the moment" distribution of content available while still 
restricting the monetary risk for the involved rights owners. 

Thus, the problem involves how to support off-line super-distribution, that is, if 
you give me a copy, so that the recipient can use the content right away without having to 
contact some voucher server. One solution is to rely on tamper-resistance and delayed 
25 reporting. Another solution is to use "season tickets'". Each user registers with a 
clearinghouse and receives a certificate of his signing key. This certificate is the "season 
ticket" (it may be valid for a short time, and will have limits on the number of 
transactions it can perform). For user A to super-distribute a copy of the season ticket to 
user B, user B gives user A a signed statement for the amount. User A can verify this 
30 signature against the certificate or season ticket issued to user B by the clearinghouse. 
When user B receives the voucher, he can use the content immediately. All of these steps 
happen off-line. The next time user A is on-line, user A can submit the signed statement 
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to the clearinghouse. The clearinghouse can then either bill user B or deduct the amount 
from a pre-paid account. The clearinghouse can also give user A credit for the sale (e.g., 
a payback, bonus, or loyalty points) as an incentive to report the signature. The "season 
ticket" scenario does not require tamper-resistance for payments and will work is only 
5 one party is honest. The risk of dishonesty or collusion by both parties is shght and can 
be mitigated by integrating tamper-resistance as a second-line of defense. 

Most users behave more or less rationally. In this scheme we let the users or 
devices acquire a certain amount of debt (unrelated to any charging/payment mechanism) 
off-line, and tie this debt to the DRM device. The debt is tied based on the rule that the 

10 total value of the debt that can be nm up by a device is limited by the number of debt- 
increasing transactions so that the total amount of debt will always be significantly less 
than the perceived value of the device. So the user of the device is motivated to clear the 
debt of the device the next time when he is connected to the network by the fact that he 
again has the "whole spending hmit" to use in upcoming off-line situations. 

15 Off-line transactions that can increase the debt of device come in two forms. 

First, user A sells content to user B and collects money immediately. In this case the debt 
will be tied to the device associated with user A. No debt is tied to the buying user. 
Second, user A "sells or distributes" content to user B and the buyer "promises" to pay 
later (when he comes into network coverage again). In this case the debt will be tied to 

20 the device associated with user B. No debt is tied to the selhng user. 

Since we want, at least in one case, to keep the system unrelated to monetary 
complications Uke currency conversions, the debt is limited to the number of debt- 
increasing trasactions rather than the actual monetary value involved. This can be 
included as a separate "counter" with the additional overhead of handling currencies. 

25 This system should be suitable for all involved partners. System users will get the 

additional freedom of (to a certain degree) distributing content among themselves, and the 
rights owners will (eventually) get additional revenue streams from the super-distribution. 

The described system combines the generation of sample playback copies and the 
purchase status of a certain content copy. This means that when a copy of the content is 

30 purchased, a certain number of distributable preview copies are "included in the price". 
These may be given out or super-distributed to friends, who in this scheme can receive a 
copy from the owner of the content and playback the content one time. If a content is 
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resold (B 1 or B2 scheme), the newly generated copy will have the full number of preview 
copies included whereas the copy count of the original may or may not be upgraded to the 
ftdl amount after a resell. 

This invention describes and strives to protect a method for limited super- 
5 distribution that can benefit a system that incorporates the method. A more detailed 
description of the protocols and security features involved (which are not relevant to the 
idea itself) can be found in the TranSec protocol descriptions. 
Controlling the Downloading of Content in Digital Rights Management Systems 

Most of the Digital Rights Management (DRM) work so far has focused on PCs or 
10 other special-purpose devices as the client terminals. DRM for a portable device is of 
particular interest to the mobile computing envkonment. An inherent limitation of a 
portable device is lack of storage or memory. 

Due to the lack of storage on portable devices, a user cannot keep copies of all the 
content for which he bought rights. He should be able to pay for the content once, use it, 
15 delete it to use the storage space for some other purpose, but later download the same 
content without having to pay again. 

One approach is to assume that all copies of a given piece of content are encrypted 
with the same key and that the encrypted content is freely available for downloading from 
public sources (e.g., public web-sites). This approach is implied (although not expUcitly 
20 stated), e.g., by the EBX E-book specifications. 

Content files may be large. If anyone is allowed to freely download the content 
files from public servers, an attacker may be able to overwhelm the server by issuing 
bogus requests. This will prevent legitimate users from downloading content. 

This bandwidth exhaustion problem is especially severe in pubUc access wireless 
25 networks (e.g., a kiosk serving content via Wireless LAN in a pubhc hotspot). 

This invention introduces methods to control access to encrypted content files so 
that such a denial-of-service attack is difficult to mount. In one embodiment, the 
mvention also allows the possibility of metering downloads. 

Allowing anyone to download encrypted content may be undesirable, for example, 
30 during peak hours. This requires a way to perform controlled content transfers. One 
solution is to charge for content downloads. Another solution is to require that the 
receiving device prove its knowledge of the content encryption key by constructing a 
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download token in the form of a Message Authentication Code (MAC). A third solution 

is to issue a download certificate that certifies the receiving device at the time of rights 

transfer and is useful to construct a download ticket later. 

Regardless of how the download token is constructed, the basic controlled 
5 download protocol is as shown in Figure 10. Sender_challenge is a random challenge 

sent by the sender (e.g., content server). If a MAC is used, the Download_Token is 

derived by the function: 

"MAC(K, sender_challenge | CID)" 

where MAC is a suitable MAC function (e.g., HMAC^SHAl), CID is a unique identifier 
10 for the content and K is the universal encryption key used for CID. The function 

createDownloadTokenO takes CID as input and produces the Download_Token as output. 

A device will be able to do this only if K is known, that is, it has the rights for CID. The 

function verifyDownloadTokenQ takes CID and the Download_token and computes the 

MAC and compares it with the Download_token. 
15 If Signatures are used, a Dovraload_Certificate is issued to the device at the time 

the right for CID is acquired for the device. This certificate is issued by the entity that 

grants the rights. For example, a pubhc kiosk K could issue the Download_Certificate of 

the form: 

Sig(SK, Vd I CID 1 .. other info . . .) 
20 where Sk is the signature key of the kiosk (with corresponding verification key Vk), Vd is 

the signature verification key of the device (with corresponding signing key Sd). "Other 

info" may include limitations like an expiry date. The certificate asserts that the owner of 

Vd has purchased the rights for CID and is eligible for downloading the actual content. 

The Download_Ticket is of the form: 
25 Sig(SD5 sender_challenge, CID), Download_Certificate 

Any download server that knows the public key Vk can verify the Download_Certificate, 

and then the signature, and hence limit download requests. 
The features of the MAC-based approach are: 

1 . It is simple; and 
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2. Since the content key is universal, a requestor will be able to produce a 
Download_Token that can be verified by aay server for that encrypted content. 
However, a server may want to distribute the content to someone who got the rights 
jfrom a different server (or a server in a different domain). This could be achieved by 
5 server-specific (or domain-specific) content keys rather than global content keys. 

The advantages of the Signature based scheme are: 

1 . It is flexible in that additional constraints (such as aa expiry date for free downloads) 
may be encoded in the Download_Certificate; and 

2. Since signatures cannot be forged, the download tokens can serve as a way to 
10 accurately measure the number of downloads for a given content. For example, 

advertisers are interested in obtaining metering information that is not forged. 

Methods to generate and evaluate message authentication codes to insure the 
integrity of data are described in the book by Stephen Thomas entitled SSL and TLS , 
pubUshed by John Wiley and Sons, 2000. The RSA Message Digest (MD5) and the 

15 Secure Hash Algorithm (SHA) are two example algorithms for message authentication 
that are described in the book by Stephen Thomas. Another reference that goes into 
greater detail in its discussion of data integrity methods is the book by Bruce Schneier 
entitled Applied Crvptoeraphv - 2nd Edition published by John Wiley and Sons, 1996. 
Methods to generate and evaluate digital signatures to insure the source of the digital 

20 program are described in the book by Richard E. Smith entitled Intemet Crypto graphv. 
pubhshed by Addison Wesley, 1997. To insure that the source of the data cannot be 
repudiated, a digital signature can be appended to the data, as described in the book by 
Richard E. Smith. 

Lending Rights to DRM Protected Content 

25 The content is transferred from one consumer to another by means of portable 

media such as compact disk or floppy disk. Prior to transferring the content, the sender 
opens a transaction with a clearinghouse and informs it about the transfer of rights. The 
sender opens the existing license and then encrypts it with the receiver's public key. The 
receiver can then use the loaned content based on the business rules in the license. The 

30 content is returned to the original sender in the same way as it was sent in the first place. 

Another way to transfer content is to send a reference to the receiving consumer, 
which indicates where to get the new license for the content. The receiving consumer 
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then contacts the clearinghouse and receives the new hcense via this connection. This 
way the receiving consumer does not need to send it's public key to the sender. 

When the content is DRM protected, it cannot be lent to another persons use in a 
traditional way because the license is tied to one device at a time. 
5 Many different implementations are possible and feasible. The inventor suggests 

that the best implementation for GSM mobile terminals could be SMS communication 
between the terminal and the clearinghouse. 
Flexible Content Binding Scheme 

To prevent the widespread infringement of the copyright of digital content such as 

10 movies, music, or electronic books, different content protection and digital rights 
management systems have emerged. There is a common requirement for all those 
systems; they need to bind the content to something. There have been many arguments 
over whether the right thing to do is to bind the content to a piece of equipment (such as a 
certain PC, for instance), the media on which the content is stored (memory card or hard 

15 disk, for instance) or to the user. This invention makes this no longer an "either-or" 
situation by allowing content to be bound to a multitude of identities. The presence of 
even one of those identities will enable the usage of the content. 

When a file containing a piece of content is originally purchased (e.g. downloaded 
jOrom the Web), it is encrypted with a randomly chosen Content Key. The Content Key is 

20 then encrypted with a multitude of different IDs such as Device ID, Media ID and User 
ID. All those encrypted versions of the Content Key are then attached to the content. 
The content can then be freely moved around in the encrypted format. When it is time to 
use the content, the player software then tries the Device ID, the Media ID and the User 
ID as keys for decrypting the Encrypted Content Key. As long as even one of those 

25 identities matches, the correct Content Key is recovered and the content can be decrypted. 

Altematively, in an environment where it is not possible to keep the Device ID, 
Media ID or User ID secret, for instance because the binding is done in a remote server, 
the Content Key may be encrypted with a public key associated with or derived from such 
IDs instead of the ID itself When the content is to be decrypted, the private keys 

30 corresponding to the Device ID, Media ID or User ID can be tried in sequence, whether 
they correctly decrypt the Content Key. This invention also contemplates the use of 
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various combinations of IDs or related pairs of public keys and private keys. Tliis is just 

a matter of which IDs can be used without exposing them. 

The mvention solves the "what to bind content to" issue by allowing content to be 

bound to a number of different identities. The problems with the existing binding 
5 methods that are related only to a single identity are numerous. Binding to equipment can 

be a problem in case the equipment breaks down or is lost for some reason, or, for 

instance, replaced with a later model. Binding with media does not permit backup copies, 

so if the media is destroyed, the content is lost. Binding with a user might be most 

convenient, but it often causes privacy concems. It also prevents lending or giving the 
10 content to a friend even if it is on the original media. 

In the past, there have been suggestions to use a database to group different 

identities together to indicate that they are all authorized to use the content. The 

invention disclosed herein provides a simpler solution because there is no need for a 

special database, and therefore no administrative overhead. 
15 Implementation is pretty straightforward as part of a content protection or DKM 

solution. They usually have already solved the issue of binding content to a single ID. 

This invention simply takes that idea a step further by allowing bmding to a multitude of 

different IDs. 

Media IDs already exist for some memory cards and hard disks. Device IDs are 
20 typically also an existing requirement for devices that are used for DRM. They can be 
implemented using unique serial numbers or pseudo-unique random numbers on the 
system chip or related FLASH memory etc. On PCs existing IDs such as Ethemet MAC 
addresses can also be considered. The User ID is probably the most challenging ID to 
assign, as the privacy concems remain an issue. One possibility would be to assign a 
25 non-xmique (but statistically close enough to unique) random number to each user at the 
time for signing up for a service, for instance. This would probably alleviate those 
concems because it would be impossible to positively identify the user (several users may 
get the same ID). 

Distributed Rights Gateway System in a Mobile Environment 

30 This invention relates to distributed rights management in the context of mobility. 

This invention also utilizes a distributed payment mechanism. Scenarios of right 
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updating and super-distribution are considered. Storage of rights remotely is considered 
for device portability. 

This invention is a model of highly distributed systems suitable for mobile 
environments. Rights of ownership and usage of a content for a mobile user is achieved 
5 through mutable and mobile metadata associated with content. Distributed payment 
nodes control the mutation of metadata. This metadata is solely responsible for decision 
to let the user use content. This metadata is rephcated to a server near the user. If the 
device moves to a location closer to another server, the user's rights ia the form of 
Metadata is transferred to this new server. 
10 The invention aims to solve the problem of network latency in acquiring rights to 

use content in a mobile device. This invention also backs up rights in a server that is 
more reliable than a mobile device and solves the problem of super-distribution through 
rights portability. 

Earlier solutions required generation or updating of rights for a content from a 
15 remote retail site. Since there is only one place where rights can be obtained, it is not the 
best solution for mobile enviroimients keeping network latency and fault tolerance in 
mind. 

By storing the rights in a decentralized fashion and also updating them in a 
decentralized fashion through appropriate payment nodes, this invention will minimize 

20 the network latency to update rights for any content. The decentrahzation of rights 
storage will help in their backup that is an important use case for mobile devices. This 
invention emphasizes that only the payment nodes are sufficient to update the rights. 
Earlier solutions do not take payments into account when updating rights. 

Figure 11 depicts the architecture of the system and the interrelationship between 

25 the different entities within the system. A user (not shown) coupled to mobile device 
1110 can purchase rights firom retail content service 110 using mobile device 1110. The 
user would download content from the retail content service 110 through a secure 
chantieL The content and Metadata will be downloaded to mobile device 1110. A copy 
of this metadata is kept in rights database 1124 associated with rights gateway 1120. 

30 When the user wants to update his rights for content, he contacts rights gateway 1120 
through an agent on mobile device 1110. Rights gateway 1120 will use payment node 
1122 to update the metadata associated with the digital content. The metadata is available 
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in an encrypted form and can only be updated by rights gateway 1120 after approval by 
payment node 1122. The user will then download this metadata with updated rights. The 
user is then free to continue using the digital content. If the user wants to use the content 
in another device, he can transfer the content to the other device. The device that plays 
5 the digital content will look at the metadata to identify if the user has adequate rights to 
use the content. If the user wants to distribute the content to another user (recipient), he 
will transfer the metadata associated with the content to the recipient's rights gateway, 
rights gateway 1150. This gateway will change the fields within the metadata such that it 
belongs to the recipient and also contacts payment node 1152 to purchase the rights. 
10 Once the rights are purchased, the recipient is free to download content and its associated 
rights to his device for usage. 

A rights gateway such as rights gateway 1120 can perform the following 
operations on the metadata: 

1 . Mutate the metadata to reflect changes to rights and rules associated with content and 
15 user; 

2. Obtain payment authorization to change the rights portion of metadata; 

3. Send the payment data capture information to clearinghouse 1140; 

4. Send the authorization reversal request message to the backend payment system and 
change the rights associated with the metadata accordingly; 

20 5 . Handle an error retumed by backend payment system; 

6. Handle super-distribution by exposing a method that accepts a metadata and recipient 
ID, then changes the relevant field of the metadata; and 

7. Interface with a terminal WIM card to authenticate a user and change the metadata to 
establish ownership of the content. 

25 This invention can be best implemented using a DRM technology that provides a 

trusted environment for the various components of the system. It is important that all the 
software entities like payment nodes, rights gateway, and players are trusted. The Nokia 
mPlatform standard, a comprehensive answer to the challenge of setting up portals 
throughout national and international networks, can be used as an interoperability 

30 standard for payment nodes and rights gateway. 
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Voucher-Based Mobile DRM Architecture 

Digital Rights Management is a technology providing mechanisms for controlling 

consumption of digital content. DRM is already being used to some extent in the wireline 

Intemet domain, but there is currently no wide-spread DRM system that is used in the 
5 mobile domain. Today copy protection is done in the mobile domain with so called 

forward-lock method in which the termirial disables the ability to forward the piece of 

content (e.g. ringing-tone) to another terminal. 

One of the attractive features of DRM is super-distribution, that is, the ability to 

forward content from peer-to-peer and still enabling that the content owner gets paid for 
1 0 each copy. The forward-lock method effectively Mils super-distribution and thus we need 

to discover other DRM mechanisms. The problem with super-distribution is that once it 

is enabled;, it is really difficult to control the bits that are distributed from peer-to-peer. 

That is a natural law of the digital world, bits are inherently easy to copy and modify. 

Cryptography is the only practical technology that can be used to control the content 
1 5 consumption if super-distribution is used. That means that the content is encrypted and 

the decryption key is delivered to those tenninals that have paid to consume the content. 

In other words, DRM enables the paid content model, that is, the content is paid 

for when it is consumed. Thus, payment is an important function in any DRM system, 

although it can be considered as separate to DRM. 
20 The invention is the architectural model of the voucher server based Mobile DRM 

system that enables one to utilize cost-efficient mobile operator payment systems. 

The novelty value of this invention comes from the utilization of the mobile 

payment service provisioning also to manage digital rights-related payment collection. In 

effect, this means mobile optimizing the DRM system. The most obvious benefits of this 
25 approach are the ability to utilize mobile network operator payment systems, related 

agreements, and user interaction, and minimization of the over-the-air information 

exchange between mobile terminal and network. 

The Internet-optimized DRM systems assume liiat payment is done with some 

mechanism in the retail site but do not describe how. That may be due to the lack of 
30 effective micro-payment and mini-payment methods on the Intemet (as compared with 

operator billing in the mobile Internet). Thus, the common approach is to separate the 

payment to be handled as, for example, Intemet credit card transaction. 
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We made the same error in our earlier thinking. Our original architecture was 
similar to the others, but after reviewing that with our mobile payment people we ended 
up turning the architecture upside-down. We believe that this new model has novelty 
value and is a practical way to implement Mobile DRM. 
5 The following assumptions are made: 

1 . Voucher-based DRM model is used, where a voucher enables a terminal to access a 
specific piece of content; 

2. Super-distribution is enabled; 

3. Content can be separate from the voucher; 

10 4. Content can be unambiguously identified (Content ID); 

5. Voucher contains the content decryption key that is encrypted for each terminal 
separately; 

6. Each terminal has a secret/private key that is specific for that device; 

7. Each terminal has a DRM ID that can be used to discover the tenninal's public (if 
15 asymmetric algorithms are used) or secret key (if synunetric algorithms are used); 

8. Payment Service Provider model is used for handling payments; 

9. The end user has configured at least one Payment Service Provider into his mobile 
terminal; and 

10. Payment server handles the user interface during voucher acquisition. 

20 The invention is one way to solve the generic problem that all DRM solutions try 

to solve, that is, to enable the paid content model where content owners get paid each and 
every time someone consumes their content. The voucher model with content encryption 
solves the copy protection part of the DRM, that is, it protects the content owner from 
losing revenue due to end users illegally copying and consuming the content. 

25 The difficult problem in such a DRM sj^tem is to implement a cost-efficient 

payment mechanism. Digital content for the mobile domain is cheap (a few euros or 
less). In addition, it is likely that the end user will buy vouchers from multiple Voucher 
Servers (voucher retailers) — this is by design of the general voucher model. And further 
on, super-distribution of digital content from user to user via messaging implies that the 

30 content flows easily over, for example, operator domains implying that an end user needs 
to access Voucher Servers that are not located in his own operator's domain. This is in 
line with our intention to reward the top-quality content creators with a possibility that 
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their content can populate the whole mobile domain. Further, the content originators can 
use a relatively limited number of mobile payment service providers (e.g., deals with all 
leading operators in a given market) to conveniently to reach almost the whole market. 

This all sums up to the fact that each end user will have to pay a small amount of 
5 money to a large nxmiber of retailers throughout the world. It is not cost-efficient for 
those retailers to send invoices for small pa3raLents. It is also inconvenient for the end 
user as well. 

Our invention introduces the Pajraent Service Provider (PSP) model into DRM. 
The Payment Server is run by an entity that has a close relationship with the end user 
10 such as the mobile operator. The PSP information (access point etc.) is configured into 
the terminal by the end user. In most likely cases the PSP will be the end user's own 
mobile operator — but this is not mandated in our architecture. The PSP could be any 
party that has a flexible billing mechanism based on a user friendly authentication 
mechanism. 

15 Mobile operators have access to the operator billing system that is the most 

convenient payment mechanism for small payments. And that can be based on user- 
jBriendly MSISDN authentication (i.e., authentication that employs the mobile identity 
number of the mobile device), which can be done securely in the domain of a single 
mobile operator (MSISDN authentication is not very secure across operator domains). 

20 Further, the ease of authentication as a part of phone signaling clearly is superior to 
usemames/passwords that Internet-based systems have to rely on. Even though prior art 
DRM systems exist, a wide-spread and "Ught-weight" mobile DRM is novel. 

Our invention enables one to use operator billing for all DRM related payments by 
introducing the Mobile Payment Service Provider model into DRM. The Mobile Rights 

25 Voucher architecture has mobile optimizations and makes the Payment Service Provider 
the **user interaction agent" instead of the retail site. 

The disadvantage of this solution is the fact that Mobile Payment Service Provider 
(mPSP) controls the user interaction with the consumer. This principle is quite mobile- 
usage centric and not as flexible as the Web model. However, the advantage of ease 

30 authentication and consistent user experience by the mPSP overweight this in mobile use. 

Figure 12 is an illustration that shows the interaction of the architectural elements 
of the Mobile DRM system. The architectural elements that comprise the Mobile DRM 
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system include content server 1260, voucher server 1250, payment server or DRM Agent 
1220, and terminal 1210. Content server 1260 is a web server that is used to distribute 
content to end users and content pieces with a Voucher Server. Voucher server 1250 
handles content registration requests from Content Servers (price, optionally content 
5 encryption key generation, optionally content ID generation) and handles also voucher 
generation requests from Payment Servers (receives content ID and terxninal's DRM ID 
and generates in return a voucher for that specific terminal and piece of content). 
Payment server or DRM Agent 1220 handles user interface during voucher acquisition, 
communicates vnth a back-end payment mechanism (e.g. operator bilUng, credit card 

10 system) and requests vouchers from the Voucher Servers for end users. Terminal 1210 
downloads content from Content Servers, acquires via Payment Server vouchers that 
enable the terminal to access content. Content may be distributed from terminal to 
temiinal (super-distribution). 

Figure 15 is a flow diagram that demonstrates the message flows among the 

15 elements shown in Figure 12. During message flow "1. CONTENT DOWNLOAD", 
terminal 1210 downloads a protected content package from Content Server 1260. The 
content package comprises a content ID, encrypted digital content, and an address (e.g. an 
URJL) of Voucher Server 1250 which is associated with the content. During message 
flow "2. VOUCHER OFFER REQUEST", terminal 1210 requests a voucher for the 

20 downloaded content through DRM Agent 1220 by giving the content ID and address 
(URL) of Voucher Server 1250 and a terminal DRM ID. DRM Agent 1220 forwards the 
request to Voucher Server 1250. Terminal ID can be wireless device ID, user ID, or other 
ID. During message flow "3. OFFER", Voucher Server 1250 sends an offer to Temiinal 
1210 through the DRM Agent 1220. During message flow ''4. ACCEPTANCE", 

25 Terminal 1210 sends a message accepting the received offer. During message flow "4a. 
PAYMENT", DRM Agent 1220 handles the payment transaction with the Payment 
Server 1500. During message flow "5. VOUCHER REQUEST", DRM Agent 1220 
requests Voucher Server 1250 to generate the voucher. Dming message flow "6. 
VOUCHER DELIVERY", Voucher Server 1250 delivers the voucher to Terminal 1210 

30 via DRM Agent 1220. The voucher comprises Content ID, Content Encryption Key, 
transaction ID, usage rules, and usage limitations for the content. 
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The following discussion of content server 1260, terminal 1210, DRM agent 1220, 
payment server 1500, and voucher server 1250 shown in Figure 12 and Figure 15, as well 
as the relationships CS-VS, DA-VS, T-DA, CS-T, and T-T shown in Figure 12 
demonstrate the message flows shown in Figure 15. 
5 Content Server-Voucher Server Literface CS-VS — The Content Server (CS) 

registers content with the Voucher Server (VS) and passes registration information 
including Digital content. Price for the content, and Potentially a template for the DRM 
usage rules for that content (different rules may have different prices). VS prepares the 
digital content (generates potentially a content ID) and encapsulates it into protected 
10 DRM format (content encryption) and returns the protected content to the CS for 
distribution to end users. After registration process the VS is able to handle voucher 
requests (for that specific content) from Payment Servers. 

DRM Agent-Voucher Server Interface DA-VS — The DRM Agent (DA) requests 
information from VS about a piece of content (identified with a content ID) that the 
15 terminal is about to purchase a voucher for. That is used to generate an offer for the end 
user. If the offer is accepted, DA requests VS to generate a voucher for that specific 
content (content ID) and for that specific terminal (terminal DRM ID). 

Terminal— DRM Agent Interface T-DA - A terminal initiates a voucher 
acquisition transaction with the DA if the end user wants to consmne unpaid content. 
20 Terminal passes information about the content (content ID, Voucher Server URL (carried 
with the content) to its own Payment Service Provider (PSP) that operates the DA. DA 
sends an offer to the Terminal and the terminal accepts or rejects it. If the offer is 
accepted, DA handles the payment transaction (e.g. operator billing) and requests a 
voucher from the VS through DA-VS interface and delivers that voucher to the terminal. 
25 Terminal-Content Server Interface CS-T - The terminal downloads protected 

content from the CS. 

Terminal-Terminal Interface T-T - The terminal super-distributes content to 
another terminal. 

DRM is a technology that provides us with a promise that we are able to control 
30 the consumption of digital content. This can be accomplished with two steps: 

1. Associate usage rules with digital content; and 

2. Enforce that the rules are followed. 
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The tricky part is the rule enforcement. How to make sure that each and every 
entity that consumes the bits also follows the attached usage rules? How to make sure 
that the rules are not detached from the content? Once the bits get lost they're gone for 
good, 

5 Bits are very easy to copy. And further on, every copy is perfect, as good as the 

original one - this is a natural law in cyberspace. If we want to make copying bits 
difficult, we must use technology to contradict that natural law. DRM systems include 
such technology. 

On the other hand, the ability to control the bits and prevent them from being 
10 illegally copied is not enough. Actually the content owner wants quite the opposite, he 
wants to make sure that his bits get copied as much as possible - as long as he gets paid 
for each copy (this is called the paid content model). 

This results in three major requirements for the DRM system: 

a) The DRM system must be able to control the consumption of content (i.e. copy 
15 protection); 

b) The DRM system must enforce the paid content model (i.e. a convenient and cost- 
efficient pajonent mechanism must be supported); and 

c) The DRM system must enable multiple easy content distribution mechanisms (i.e. 
peer-to-peer super-distribution, content distribution via browsing or downloading, 

20 service originated messaging). 

Even though requirements (a) and (c) seem to conflict, they can be fulfilled if the 
protection mechanisms and content distribution mechanisms are orthogonal, that is, the 
DRM system is content transport agnostic. This impUes that piggybacking transport layer 
security mechanisms for content protection purposes may result in a system that severely 
25 restricts the content distribution possibilities. 

Super-distribution is a great opportunity for content oAvners. Each piece of 
content has a possibility to get distributed from peer-to-peer to a large population. 
Whether that happens for a particular piece of content or not depends on end user's 
subjective perception of the quality and price of the content. People vote with their 
30 forward-buttons. We want to encourage these kind of dynamics that reward content 
owners with great content. 

The main operative ftmctions of the DRM system are: 
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1 . Content registration to the DRM system; 

2. Content distribution to end users (from network to terminal and terminal to terminal); 

3. Voucher acquisition process that enables the end user to consxmie the content. This 
includes the payment process; and 

5 4. Money settlement process during which each value chain participant gets his share of 
the money collected from the end user. 

Figures 13 and 14 expand upon the architecture shown in Figure 12 to illustrate 
the interaction of a more complex Mobile DRM system to illustrate the relationships 
between the participating entities. 
10 Content registration is done between a Content Server and a Voucher Server. 

Content needs to be registered into the DRM system before it can be distributed to 
end users. During this registration the content is packaged into a DRM capsule that 
forces terminals to acquire a voucher before they are able to consimie the content. 
Usually this includes content encryption. Only after registration the content (DRM 
15 packaged version of it) may be distributed to end users. 

After content registration has taken place, the following shall apply (note: some 
things may already apply before registration). The piece of content has a unique ID 
(Content ID, CID). The Content ID needs to be associated with the content. In addition 
of being a unique identifier it is anticipated that in most cases the Content ID also points 
20 to the actual content object in the Content Server (URL). There is a specific Voucher 
Server that assumes responsibihty for issuing vouchers for that specific piece of content. 
The URI pointing to the Voucher Server is associated with the content and travels with 
the content to terminals. Mechanisms for this are specified in (XHTML <object> element 
parameter "accessRights) and (<admin> element in the voucher meta data). The specific 
25 Voucher Server has sufficient information for issuing vouchers. This includes Content 
ID, Content Encryption Key, voucher templates with business rules, pricing information 
related to each voucher template. The Content Server has sufficient information to 
distribute the content. This includes the DRM protected version of the content. 

Content registration happens in most cases only once per a piece of content, Re- 
30 registration may include Content Encryption Key refreshing (implies repackaging), 
pricing modifications, adding new voucher templates etc. 
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There are two models to register content, Voucher Server centric and Content 
Server centric. Both models are functionally equal but differ in the task division between 
the two entities. 

In this registration model the Voucher Server is responsible for ahnost all of the 
5 DRM related issues. For example, Content Encryption Key generation and storage and 
packaging the content into the DRM capsule. 

Content Server does not need to bother about DRM details, it only decides the 
prices for voucher templates and sends the plain content to the Voucher Server. 

From security point of view this model has the advantage that the Content 
10 Encryption Key leaves the Voucher Server only inside a protected voucher. The Content 
Server does not need to know the Content Encryption Key. 

Registering the same piece of content with two Voucher Servers results in two 
different DRM packaged versions of the same content. This may not be desirable. 

In this model the Content Server handles the DRM specific details and packages 
15 the content into the DRM capsule. Content Server informs the Voucher Server only 
about the absolutely necessary details it needs to know in order to issue vouchers. 

This model supports scenarios where the same piece of content is registered with 
multiple Voucher Servers and still there is only one DRM packaged version, however, 
this also depends on the security model. 
20 Content is distributed in the DRM system from the Content Server to Terminal 

and from Terminal to Terminal (super-distribution). Only registered (i.e. DRM 
packaged) content should be distributed. The assumption that packaged content is useless 
without a voucher makes content distribution requirements pretty loose. We can use 
whatever transport mechanisms we desire, if the following requirements are fulfilled the 
25 content is in protected DRM packaged format and the information that is required by the 
voucher acquisition process is carried with the content (including Content ID, Voucher 
Server URL). 

The most feasible transport mechanisms for Content Server to Terminal 
distribution are downlading in a standard browsing session (http) or server originated 
30 messaging with MMS. In Terminal to Terminal super-distribution MMS is an important 
mechanism. In addition, local link via OBEX over BT or cable may be used. 
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Voucher acquisition is the most important function of the DRM system. During 
that process a voucher is generated and distributed to the terminal and a monetary 
transaction takes place. The entities related to the voucher acquisition are Terminal, 
DRM Agent and Voucher Server. 
5 The Terminal initiates voucher acquisition when the end user wants to consume 

content for which the terminal does not have a voucher. In the basic scenario the terminal 
contacts the end user's DRM Agent and requests an offer for a voucher. DRM Agent 
contacts the specific Voucher Server that registered the content and requests information 
about the vouchers (e.g. price), DRM Agent makes an offer for the end user. If end user 
10 accepts the offer DRM Agent deducts the appropriate amount of money from the end 
users accoxmt (e.g. operator billing) and requests the Voucher Server to generate one 
voucher for that terminal. The voucher is then sent to the terminal and after that the 
terminal is able to consume the content. 

Money is collected from the end user during voucher acquisition. At the end of 
1 5 the day (or week or month) the settlement process must take place. In that process, each 
participant in the value chain gets a separate share of the money. 

DRM Agent is entitled to its share because it takes care of the payment transaction 
with the end user. DRM Agent keeps track of all issued vouchers. 

Voucher Server is the middleman between Content Servers and DRM Agents and 
20 is entitled for its share because it handles the content registration and voucher generation 
related issues. Voucher Server also keeps track of issued vouchers. 

Content Server is close to the Content Owner (in many cases the same entity) and 
thus should get its large share because the actual value that the end user paid for is in the 
content itself. However, super-distribution based voucher acquisitions are invisible for 
25 the Content Server making it impossible for it to keep track of content consumption. 
Content Server must rely on the information received from the Voucher Server. 

The settlement process is extemal to the DRM system and can be implemented by 
interfacing with existing invoicing systems. 

The digital content is created (or aggregated) by the Content Server. This implies 
30 that the Content Server is in close relationship with the Content Owner. 
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The main fimctions of Content Server is to register digital content with a Voucher 
Server and distribute registered content to an end user. In most cases the Content Server 
is just a normal http-server with a content registration interface integrated to it. 

The main functions of the Voucher Server are to receive content registration 
5 requests from Content Servers and to issue vouchers that enable terminals to consume 
registered content. 

The voucher generation decision is an important control point from security point 
of view. 

Voucher Server is in close relationship with the Content Server and must also 
10 have an agreement with a set of DRM Agents in order to make ensure that a large 
population of end users can consume the content. This is a win- win situation for both the 
Voucher Servers and DRM Agents, 

Voucher Server maintains a database of registered content and keeps tracks of the 
generated vouchers. 

15 DRM Agent is the middleman between the terminals that want to consmne content 

and the Voucher Servers that generate the vouchers (i.e., DRM Agent plays a central role 
in the voucher acquisition process) especially in the payment transaction. The rationale 
for introducing a middleman is related to the difficulty of doing cost-efficient and 
convenient invoicing between multiple Voucher Servers and the end user. 

20 The most important role of the DRM Agent is to handle the payment collection 

from the end user before the voucher is issued by the Voucher Server. This implies that 
there is a close relationship between the end user and the DRM Agent. In addition, the 
DRM Agent must also have an agreement with a set of Voucher Servers. 

DRM Agent maintains a user database and keeps track of the generated vouchers. 

25 The terminal is DRM system compliant and thus implements the communication 

protocols and functionality related to interfaces with Content Server, DRM Agent and 
other Terminals. The DRM system also assumes that some kind of local voucher and 
content repository is implemented. 

Information about the chosen DRM Agents is configured to Ihe terminal by the 

30 end user or the mobile operator (i.e., the terminal always initiates the voucher acquisition 
dialog with one of the end user's own DRM Agents). 
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The External Payment System may be, for example, operator billing system or 
credit card payment system. 

All of the terminal management issues are separated to a DRM Terminal 
Infrastructure (DRMI). These include mechanisms for terminal initialization, 
5 personalization, key renovation and terminal revocation. 

Referring again to Figure 12 and Figure 15, the Content Server-Voucher Server 
CS-VS interface is used to register digital content into the DRM system. Registration 
requests and responses add, modify, or delete a piece of content and the related 
information from Voucher Server. Mutual authentication is required between CS and VS. 

10 In addition, confidentiality and integrity of the communications must be protected. SOAP 
requests and responses over http with a SSL connection. VS acts as an http-server, CS as 
an http-client. Content registration may be quite infrequent in some cases. This implies 
that the interface can also be implemented with, for example, secure electronic-mail 
messaging between CS and VS operators. 

15 Referring again to Figure 12 and Figure 15, the Content Server-Terminal CS-T 

interface is used to distribute the DRM protected content from the Content Server to the 
Terminals. Content object downloading network originated MMS messaging. There are 
no major security requirements for this interface. However, it is useful but not mandatory 
for the end user to authenticate the Content Server. The same goes for the other way 

20 aroiond, although that is just normal behaviour of a Content Server and thus out of the 
scope of the DRM system. Spamming control needs to be implemented at some stage. 
Content downloading in a standard http/WAP-browsing session. The content may be 
wrapped inside a MIME or WAP multi-part message. Content may also be distributed 
with MMS messaging. Since MMS messages are based on RFC 822 the wrapping is 

25 similar to the brov^sing/downloading scenario. The actual transport mechanism should 
not be affected by DRM, only the processing of the received object is DRM specific. 

Referring again to Figure 12 and Figure 15, the Terminal-Terminal T-T interface 
is used to super-distribute content and possibly vouchers from terminal to terminal. 
Content object sending to another terminal. This may include sending a preview or no- 

30 rights voucher with the content. There are no major security requirements for this 
interface. It is useful for the end user to authenticate the origin of the message. 
Spamming control needs to be implemented at some stage. The actual transport 
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mechanism should not be affected by DRM, only the processing of the received object is 
DRM specific. 

Referring again to Figure 12 and Figure 15, the Terminal-DRM Agent T-DA 
interface is used to acquire a voucher. Payment transaction is done via this interface. For 
5 voucher acquisition, the terminal initiates the acquisition process (T=>DA: CID, 
Transaction ID, Voucher Server URL, Terminars DRM ID), DRM Agent responds and 
sends optionally an offer for the voucher, end user accepts or rejects the offer and 
performs payment related authentication, DRM Agent sends the voucher to the terminal. 
For GIVE voucher acquisition, the terminal initiates GIVE voucher acquisition process 

10 (T=>DA: CID, Transaction ID, Voucher Server URL, Terminal's DRM ID), DRM Agent 
responds and sends an offer for the GIVE voucher, end user accepts or rejects the offer 
and performs payment related authentication, DMR Agent sends the GIVE voucher to the 
terminal, terminal sends the GIVE voucher to another terminal (interface T-T). For GIVE 
voucher consumption, the terminal receives GIVE voucher (interface T-T), the Terminal 

15 sends GIVE voucher to the DRM Agent (T=>DA: GIVE voucher information, 
Transaction ID, Voucher Server URL, Terminal's DRM ID), DRM Agent sends a 
"normal" voucher back to the terminal, the terminal may download the content if it did 
not already have it (interface CS-T). 

DRM Agent must authenticate the end user (actually DRM Agent is interested in 

20 authorization. However, authorization is usually based on authentication). The end user 
should be able to authenticate the DRM Agent, at least in those cases where it sends 
confidential information to the DRM Agent (e.g. usemame password). The integrity of 
the commxmications should be protected. Confidentiality requirements are not that major, 
expect possibly for GIVE vouchers (depends on the GIVE voucher implementation). 

25 Referring again to Figure 12 and Figure 15, the DRM Agent-Voucher Server DA- 

VS interface is used to request information and vouchers fix)ni the Voucher Server. For 
voucher information requests and responses, DA==>VS Content ID, terminal DRM ID, 
transaction ED and VS=>DS Voucher descriptions and prices. For voucher requests and 
responses, DA=>VS Content ID, terminal DRM ID, transaction ID and VS=>DS 

30 Voucher. Mutual authentication is required between DA and VS. In addition, integrity of 
the communications must be protected. SOAP requests and responses over http with a 
SSL comiection. VS acts as an http-server, DA as an http-client. 
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Referring again to Figure 12 and Figure 15, the DRM Agent-Extemal Payment 
System DA-EPS interface is used to collect real money from the end user. The 
implementation of this interface is a feature of a specific DRM agent product. 

Referring back to Figure 12, the Voucher Server-DRM Terminal Infrastructure 
5 VS-DRMI interface is used by the Voucher Server to request information about the DRM 
terminals. The fimction of this interface is to get temiinal cryptographic information of a 
specific terminal (e.g., symmetric key, pubUc key or certificate) and to check revocation 
status of a specific terminal. One implementation is to use a full-blown terminal PKI with 
a directory service containing temunal certificates aad revocation lists. This interface 
10 will most likely be specific to a terminal vendor and thus a Voucher Server product will 
need to implement a plug-in architecture for multiple terminal vendor DRMI 
implementations. 

Referring again to Figure 12 and Figure 15, the Terminal-DRM Terminal 
Infrastructure T-DRMI interface is used for terminal management operations. The 

15 function of this interface is to perform terminal initialization (e.g., key generation), 
terminal renovation (e.g., key refresh, DRM client binary update), and terminal 
revocation. Anomaly detection mechanisms must be used to detect cracked terminals. 
This interface will most hkely be terminal vendor specific and is used in some 
implementations only during manufacturing phase of the terminal. 

20 The interfaces described above do not include all information exchange between 

the entities of the architecture. Certain contractual arrangements need to be done 
beforehand and monet^ settlement after the fact (e.g. weekly or once in a month). In 
addition, mutual authentication is required in most cases between communicating parties 
implying that some kind of authentication information (e.g. usemames and passwords) 

25 may need to be exchanged beforehand. 

These kind of arrengements are done between Content Server and Voucher 
Server, End user (terminal) and DRM Agent, DRM Agent and Voucher Server, DRM 
Agent and External Payment System, and Voucher Server and DRM Terminal 
Infrastructure. 

30 As for security considerations, the DRM problem can be solved in a simple way if 

we do not allow super-distribution. This is called the "foward-lock" method tliat 
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disables the end-user from forwarding the content to another terminal. Thus, everyone 
must get their ringing tone or whatever from the retail site and pay for it. 

If we enable super-distribution the rules of the game are radically different. It gets 
very hard to keep the content within a closed system of trusted terminals, especially 
5 without dramatically restricting the super-distribution mechanisms. 

Super-distribution changes the dynamics of security breaks when compared to the 
forward-lock solution. In the forward-lock solution it is difficult to distribute the cracked 
piece of content in large scale because ordinary terminals can not be trivially used for re- 
distribution. However, if super-distribution is enabled the cracked version will get 
10 distributed with the same mechanism as the original content And paradoxically, the 
cracked version will get accerelated super-distribution because of its outstanding 
price/quality ratio when compared to the original piece. Thus, the competition between 
the cracked and original versions is quite unfair and may lead to a situation where the 
cracked version spreads like a virus and outnumbers the original version by far. This is 
15 difficult to estimate because we do not have much experience on suberdistribution. 

The scenario above shows that it is very dangerous to compare the security 
requirements of forward-lock and super-distribution systems (e.g., 'Tt is already possible 
to crack ringing tones in the forward-lock system but that has not been a problem - why 
should it be a problem in the super-distribution case?). 
20 At the end of the day, cryptography is the only technology that provides us with 

mechanisms to protect the content once it gets distributed to an untrusted terminal (e.g. 
PC). In practice this means that the content is encrypted and the decryption key is only 
available for those terminals that have paid to consume the content. 

Table 2 below describes some possible solutions to the DRM problem. 
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Solution 

name 


Description 


Comments 


Forward- 
lock 


Terminal UI prevents the end user 
to forward the content to another 
terminal. Payment is done before 
downloading the content. 


This is already used in Nokia mobile 
phones with e.g. ringing tones. 

Forward-lock kills super-distribution. 


Link 

forwarding 


This is content forward-lock, but 
allows the end user to forward the 
content URL. 


Content is always downloaded from the 
URL into the terminal and payment is 
done before content downloadmg. This is 
an attempt to provide the functionality and 
user experience of super-distribution 
without a need for DRM key management 
infrastructure. This solution does not 
utilize the possibility to use an effective 
local link for super-distribution of the 
content. 


Plain 

transport 
security 


This is a DRM solution that 
piggybacks transport layer security 
protocols. 


Messaging based super-distribution (e.g. 
MMS) is difficult to handle with this 
approach because it allows that the 
content can be sent to e.g. PC. That is 
difficult to prevent. 


Content 
encrypted, 
voucher in 
plain text 


Content is statically encrypted but 
the voucher (and the content 
decryption key within) is in plmn 
text. Transport layer security 
protocols are piggybacked to 
protect the voucher while it is in 
transit. The vouchers that contain 
the decryption key are not 
forwarded. 


Tliis is an attempt to provide content 
encryption but avoid storing secret/private 
keys inside the terminal because of the 
costs of such DRM key management 
infrastructures. How to prevent that the 
voucher does not m a tnvial way end up 
into an untrusted terminal (e.g. PC) and 
compromise the content? Client 
authentication would solve this, but that 
would require a secret inside the 
terminal. . . This solution is transport 
agnostic for the content delivery but not 
for the voucher delivery. 


Content 
encrypted, 
voucher 
encrypted 


This is the basic voucher based 
DEM model. 


Securitywise, this solution is totally 
transport agnostic. Voucher needs to be 
personalized (if we assume that each 
terminal has personal keys). 



Table 2 



Method and System for Issuing Rights for Copyright Protected Content 

Method for issuing rights for (copyright) protected content in a mobile 
communication environment with a wireless terminal by means of vouchers, which are 
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issued, by a voucher server having a coimection to the mobile network of the terminal and 
having a connection to at least one content server. The vouchers issued by the voucher 
server contain usage rules, rights, and business rules relating to a content item and to the 
user. The voucher is connected to the content but is separate from the content. The 
5 voucher is deliverable separately from the content as specified by the terminal or the user 
to a terminal and/or to a server within the communication network for further processing 
and/or for acquiring the issued rights. 

Method and System for Acquiring Rights for Copyright Protected Content 

Method for acquiring rights for (copyright) protected content in a mobile 

10 communication environment with a wireless terminal by means of vouchers, which are 
issued by a voucher server having a connection to the mobile network of the terminal and 
having a connection to at least one content server. The method comprises steps of 
creating a connection with the content server (and the payment server), selecting at least 
one content item from a plurality of content items on a content server, specifying the 

1 5 scope of rights to the chosen content item(s), makuig payment(s) for the selected content 
item(s)5 receiving the voucher(s) for the selected and purchased content item(s), aud 
storing the received voucher(s) at the terminal and/or at a server having a coimection to 
the terminal and/or on a /physical carrier having a connection to the terminal for storing 
the received voucher(s). According to the method the rights issued by the voucher can 

20 also be modified according to the usage and/or business mles of the voucher and/or the 
voucher issuing system. 

A registered terminal can acquire additional vouchers and/or modifications for 
existing vouchers with a one-click procedure (the terminal/user and the acquired vouchers 
are identified, expiry warnings) 

25 Method and System for Accessing Copvright Protected Content 

Method for accessing (copyright) protected content in a mobile communication 
environment by means of a wireless terminal using vouchers, which are issued by a 
voucher server having a connection to the mobile network of the terminal and having a 
connection to at least one content server and which vouchers specify at least a part of the 

30 scope of rights acquired unambiguously. According to the method a voucher specifying 
the scope of the rights to a content item is stored at the terminal or at a server having 
connection to the terminal and accessible to the user of the terminal for controlhng the 
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use of the specified content item, e.g., for consuining and/or other (further) processing, 
e.g., downloading, storing, super-distributing etc. as specified in the voucher. The 
specified content is deUvered to the specified location after the validity and/or 
authenticity of the voucher is verified. In super-distribution the super-distributed content 
5 is made available according to the usage rules for that content item. 

Method and System for Transferring Access Rights to Copyright Protected Content 
Method for transferring access rights to (copyright) protected content in a mobile 
communication environment by means of a wireless terminals using vouchers, which are 
issued by a voucher server having a connection to the mobile network of the terminal and 

10 having a connection to at least one content server. According to the method at least one 
acquired voucher specifying the scope of the rights to a content item is accessible to the 
user of the tenninal for controlling the use of the specified content item, e.g., for 
consuming and/or other (further) processing, e.g. downloading, storing, super-distributing 
etc. as specified in the voucher. The voucher can be stored at the first terminal and/or at a 

15 server having connection to the first tenninal and/or at a (physical) carrier, which can be 
accessed by the first terminal. All or a part of the rights specified in the acquired voucher 
can be transferred to at least another terminal. 

The transfer, which can be lending or super-distribution starts either with an offer 
from the first terminal (sender) to the second terminal (receiver) or with a request from 

20 the second terminal to the first terminal preferably by using a IR or RF hnk between the 
terminals. The first (sender) tenninal transmits a message to the voucher server 
expressing the intent (lend/super-distribute) to transfer the rights. The message may 
contain in addition to the information concerning the voucher, also such information on 
the receiving terminal that the transaction can be fulfilled (identification of the second 

25 terminal and payment server of the second terminal). The voucher of the first tenninal is 
modified according to the transfer intent. 

The resulting invention is applicable to virtually all digital commimications 
networks, including wide area networks (WANs), metropolitan area networks (MANs), 
local area networks (LANs), and personal area networks (PANs). The resulting invention 

30 is applicable to fixed station wireline networks, mobile wireless networks, and hybrid 
combinations of fixed station wireline networks communicating through wireless access 
points with mobile wireless networks. In particular, the resulting invention is applicable 
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to any mobile computing environment, including any wireless wide area network suph as 
a cellular telephone network or any short range wireless system such as a wireless local 
area network or a wireless personal area network. Examples of wireless, wide area 
network architectures to which the invention applies include Global System for Mobile 
5 Communication (GSM), IS-136 TDMA-based Digital Advanced Mobile Phone Service 
(DAMPS), Personal Digital Cellular (PDC), IS-95 CDMA-based cdniaOne System, 
General Packet Radio Service (GPRS) and broadband wireless systems such as W- 
CDMA, and Broadband GPRS. Examples of short-range wireless systems to which the 
invention applies include the Bluetooth Standard, the ffiEE 802.11 Wireless LAN 

10 Standard the HIPERLAN Standard, the IEEE 802.15 Wneless Personal Area Network 
(WPAN) standard, the Infrared Data Association (IrDA) standard, the Digital Enhanced 
Cordless Telecommunications (DECT) standard, the Shared Wireless Access Protocol 
(SWAP) standard, the Japanese 3rd Generation (3G) wireless standard- and the 
Multimedia Mobile Access Conununication (MMAC) Systems standard of the Japanese 

1 5 Association of Radio Industries and Businesses, 

Although the embodiments disclosed herein describe a fully functioning method, 
system, and computer program product for controlling the distribution of a digital asset in 
a mobile enviroimient, the reader should understand that other equivalent embodiments 
exist. Since numerous modifications and variations will occur to those who review this 

20 disclosure, the method, system, and computer program product for controlling the 
distribution of a digital asset in a mobile environment is not limited to the exact 
construction and operation illustrated and disclosed herein. Accordingly, this disclosure 
intends all suitable modifications and equivalents to fall within the scope of the claims. 
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We claim: 

1 . A method for controlling the distribution of a digital asset in a mobile environment 
comprising: 

browsing a content server coupled to a voucher server to locate the digital asset; 
5 offering to purchase the digital asset from a payment server coupled to the voucher 

server; 

receiving a purchase price for the digital asset from the payment server, the purchase 
price responsive to an inquiry by the payment server to the voucher server; and 
receiving a voucher from the payment server. 



10 



15 



2. The method of claim 1, further comprising: 
registering the digital asset wifli a voucher server by: 

assigning a unique identifier to the digital asset; and 

encrypting the digital asset with a random content encryption key. 

3. The method of claim 2, further comprising: 
assigning the purchase price to the digital asset. 



4. The method of claims 1, further comprising: 

20 downloadhig the digital asset from the content server. 

5. A method for controlling the distribution of a digital asset in a mobile environment 
comprising: 

requesting the digital asset from another mobile device; 
25 receiving a preview copy of the digital asset from the other mobile device; 

evaluating the preAdew copy; 

offering to purchase the digital asset from a payment server coupled to the voucher 
server based upon the evaluating of the preview copy; 

receiving a purchase price for the digital asset from the payment server, the purchase 
30 price responsive to an inquiry by the payment server to the voucher server; and 

receiving a voucher from the pa3/ment server. 
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6. A method for controlling the distribution of a digital asset in a mobile environment 
comprising: 

requesting the digital asset from another mobile device. 

offering to purchase the digital asset from a payment server coupled to the voucher 

5 server; 

recdvuig a purchase price for the digital asset from the payment server, the purchase 
price responsive to an inquiry by the payment server to the voucher server; and 
receiving the digital asset from the payment server. 

10 7. A method for controlling the copying of a primary digital asset in a mobile 
environment comprising: 

storing a primary content in a distributing computer; 

storing a primary voucher and a secondary voucher in a wireless device; 

said primary voucher allowing a user to render content a plxnahty of times, and 
1 5 including a first pointer to the primary content, and frirther including a first reference, in a 
narrow element, to the secondary voucher; 

said secondaiy voucher allowiug a preview of the content to be distributed to another 
user, and including a second pointer to the primary content, and fiirther including a second 
reference, ia a narrow element, to the secondary voucher allowiug the secondary voucher to 
20 create a duphcate of itself; 

invoking a forwarding operation in the wireless device, to access the primary 
voucher and use the first painter therein to signal the distributing computer to duplicate the 
primary content as a primary content copy and to transmit the primary content copy to a 
receiving terminal; and 

25 using the first reference in the primary voucher to access the secondary voucher to 

duplicate the secondary voucher as a duplicate voucher and to transmit the duplicate voucher 
to the receiving terminal; 

whereby the forwarding operation results in the primary content copy and the 
duphcate secondary voucher being resident in the receiving terminal. 

30 

8 . A method for controUing the copying of a primary digital asset in a mobile 
environment comprising: 
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storing a primary content in a distributing computer; 

storing a primary voucher and a secondary voucher in a wireless device; 

said primary voucher allowing a user to render content a plurahty of times, but not 
allowing dupUcation of the content, and including a first pomter to titie primary content, and 
5 further including a first reference, in a narrow element, to the secondary voucher; 

said secondary voucher allowing a preview of the content to be distributed to another 
user, and includmg a second pointer to the primary content, and further tncluduig a second 
reference, in a narrow element, to the secondary voucher allowing the secondary voucher to 
create a duplicate of itself; 
1 0 invoking a forwarding operation in the wireless device, to access the primary 

voucher and use the first pointer therein to signal the distributing computer to dupUcate the 
primary content as a primary content copy and to transmit it to a receiving terminal; 

said invoking step resettiag said primary voucher to a no-rights state; and 

using the first reference in the primary voucher to access the secondary voucher to 
15 duplicate the secondary voucher as a duplicate voucher and to transmit the dupUcate voucher 
to the receiving terminal; 

whereby the forwarding operation results in the primary content copy and the 
duphcate secondary voucher being resident in the receiving terminal. 

20 9. A method for controlhng the copying of a preview of a primary digital asset in a 
mobile environment comprising: 

storing a primary content in a distributing computer; 
storing a primary voucher and a secondary voucher in a wireless device; 
said primary voucher allowing a user to render content a plurality of times, but not 
25 allowing duplication of the content, and including a first pointer to the primary content, and 
further including a first reference, in a narrow element, to the secondary voucher; 

said secondary voucher allowing a preview of the content to be distributed to another 
user, and including a second pointer to the primary content, and further including a second 
reference, in a narrow element, to the secondary voucher allowing the secondary voucher to 
30 create a dupUcate of itself; 

invoking a forwarding operation in the wireless device, to access the primary 
voucher and use the first reference therein to signal the distributing computer to duplicate the 
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secondary voucher as a duplicate voucher and to transmit the duplicate voucher to the 
receiving terminal; and 

said invoking step resetting said primary voucher to a no-rights state; 
whereby the forwarding operation results in the duplicate secondary voucher being 
5 resident in the receiving terminal. 

10. A method for controlling the copjnng of a piiraary digital asset in a mobile 
environment comprising: 

storing a primary content in a distributing computer; 
storing a primary voucher and a secondary voucher in a wireless device; 
said primary voucher allowing a user to render content a plurality of times, but not 
allowing duplication of the content, and further including a first pointer to the primary 
content, and further including a first reference, in a narrow element, to the secondary 
voucher; 

invoking a forwarding operation in the wireless device, to access the primary 
voucher to duplicate the primary voucher as a duplicate voucher and to transmit the 
duphcate voucher to the receiving terminal; and 

said invoking step resetting said primary voucher in the wireless device to a no-rights 

state; 

whereby the forwarding operation results in the duplicate primary voucher being 
resident in the receiving terminal, 

11. A method for controlling the copying of a primary digital asset and copying of a 
preview of the digital asset in a mobile environment comprising: 

25 storing a primary content and a secondary content in a distributing computer; 

storing a primary voucher and a secondary voucher in a wireless device; 
said primary voucher allowing a user to render content a plurality of times, but not 
allowing duplication of the content, and further including a first pointer to the primary 
content and a second pointer to the secondary content, and further including a first 
30 reference, in a narrow element, to the secondary voucher; 

said secondary voucher allowing a preview of the content to be distributed to another 
user, and fiirther including a third pointer to the primary content and a fourth pointer to the 
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secondary content, and further including a second reference, in a narrow element, to the 
secondary voucher allowing the secondary voucher to create a duplicate of itself; 

invoking a forwarding operation in the wireless device, to access the primary 
voucher and use the first pointer therein to signal the distributing computer to duplicate the 
5 primary content as a primary content copy and to transmit the primary content copy to a 
receiving terminal; and 

using the first reference in the primary voucher to access the secondary voucher to 
use the third pointer therein to signal the distributing computer to duplicate the secondary 
content as a secondary content copy and to duphcate the secondary voucher as a dupHcate 
1 0 voucher and to transmit them to the receiving terminal; 

whereby the forwarding operation results in the primary content, the secondary 
content, and the duplicate secondary voucher being resident in the receiving terminal. 

12. A method for controlling the giving of a preview digital asset in a mobile 
1 5 environment comprising: 

storing a primary content in a distributing computer; 
storing a primary voucher and a secondary voucher in a wireless device; 
said primary voucher allowing a user to render content a plurality of times, but not 
allowing dupKcation of the content, and further including a first pointer to the primary 
20 content, and fiirther including a first reference, in a narrow element, to the secondary 
voucher; 

said secondary voucher allowing a preview of the content to be distributed to another 
user, and including a second pointer to the primary content, and further including a second 
reference, in a narrow element, to the secondary voucher allowing the secondary voucher to 
25 create a duplicate of itself; 

invoking a give operation in the wireless device, to send a copy of the secondary 
voucher to a voucher server; 

receiving a reference voucher at the wireless device firom the voucher server, that 
includes an indication of no rights to the primary content; 
30 sending the reference voucher from the wireless device to a receiving terminal; 

sending a request &om the terminal to the voucher server, requesting a new 
secondary voucher; and 
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receiving the new secondary voucher in the receiving terminal; 
whereby the give operation results in the new secondajty voucher being resident in 
the receiving terminal. 

5 13. A method for controlling the giving a primary digital asset in a mobile environment 
comprising: 

storing a primary content in a distributing computer; 

storing a primary voucher and a secondary voucher in a wireless device; 

said primary voucher allowing a user to render content a plurality of times, but not 
1 0 allowing duplication of the content, and further including a first pointer to the primary 
content, aad further including a first reference, in a narrow element, to the secondary 
voucher; 

said secondary voucher allowing a preview of the content to be distributed to another 
user, and including a second pointer to the primary content, and further including a second 
15 reference, in a narrow element, to the secondary voucher allowing the secondary voucher to 
create a duphcate of itself; 

invoking a give operation in the wireless device, to send the primary voucher to a 
voucher server; 

resetting the primary voucher to a no-rights state in the wireless device; 
20 receiving a reference voucher at the wireless device from the voucher server that 

includes an indication of no rights to the primary content; 

sending the reference voucher from the wireless device to a receiving terminal; 

sending a request from the terminal to the voucher server, requesting a new primary 
voucher; and 

25 receiving the new primary voucher at the receiving terminal; 

whereby the give operation results iu the new primary voucher being resident in the 
receiving terrninal. 

14. A method for controlling the distribution of a digital asset in a mobile environment 
30 comprising: 

forming an XML digital rights voucher that includes: 

an asset element containing a pointer to a digital asset; 
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a protection element containing protection information on how the asset is 
protected; 

an intent element containing use information on the type of use intended for 
the asset; and 

5 a constrain element containing restriction information limiting usage of the 

asset; 

transmitting the digital rights voucher to a user's wireless device; 
receiving in the wireless device a user request to use the digital asset; 
accessing the asset by means of the poiater in the asset element and the protection 
1 0 information in the digital rights voucher; and 

limiting said intended use of the asset by means of the said restriction information. 

15. A method for controlling the distribution of a digital asset in a mobile environment 
comprising: 

1 5 forming a primary XML digital rights voucher that includes: 

an asset element containing a first pointer to a primary digital asset; 

a protection element containing first protection information on how the 
primary asset is protected; 

an intent element containing first use information on the type of use intended 
20 for the primary asset; 

a constrain element containing fibrst restriction information limiting usage of 
the primary asset; and 

a narrow element containing a second pointer to a secondary XML digital 
rights voucher; 

25 forming the secondary XML digital rights voucher that includes: 

an asset element containing a third pointer to the primary digital asset; 
a protection element containing second protection information on how the 
primary asset is protected; 

an intent element containing second use information on the type of use 
30 intended for the primary asset; and 

a constrain element containing second restriction information limiting usage 
of the primary asset; 
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transmitting the primary and the secondary digital rights vouchers to a user's 
wireless device; 

receiving in the wireless device a user request to have a diminished use the digital 

asset; 

5 accessing the secondary XML digital rights voucher by means of the second pointer 

in the narrow element of the primary XML digital rights voucher; 

accessing the asset by means of the third pointer in the asset element and the 
secondary protection information in the secondary XML digital rights voucher; and 

limiting said intended use of the asset by means of the said secondary restriction 
1 0 information. 

16. A method for controlling the distribution of a digital asset in a mobile environment 
comprising: 

forming a primary XML digital rights voucher that includes: 
15 an asset element containing a first pointer to a primary digital asset; 

a protection element containing first protection information on how the 
primary asset is protected; 

an copy intent element containing copying as the intended use for the 
primary asset; 

20 a constrain element containing first restriction information limiting copying 

of the primary etsset; and 

a narrow element containing a second pointer to a secondary XML digital 
rights voucher; 

forming the secondary XML digital rights voucher that includes: 
25 an asset element containing a third pointer to the primary digital asset; 

a protection element containing second protection information on how the 
primary asset is protected; 

a copy intent element containing copying as tiie intended use for the primary 
asset; and 

30 a constrain element containing second restriction information Umiting 

copying of the primary asset; 

transmitting the primary and the secondary digital rights vouchers to a user' s 
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wireless device; 

receiving in the wireless device a user request to copy the digital asset; 
accessing the asset by means of the Jfirst pointer in the asset element of the primary 
XML digital rights voucher; 
5 copying the primary asset in accordance with said primary restriction information of 

the primary XML digital rights voucher; 

accessing the secondary XML digital rights voucher by means of the second pointer 
in the narrow element of the primary XML digital rights voucher; and 

copying the secondary XML digital rights voucher in accordance with said primary 
1 0 restriction information of the primary XML digital rights voucher. 

17. A method for controlling the distribution of a digital asset in a mobile environment 
comprising: 

formuig a primary XML digital rights voucher that iucludes: 
15 an asset element containing a first primary pointer to a primary digital asset 

and first secondary pointer to a secondary digital asset; 

a protection element containing first protection information on how the 
primary and secondary assets are protected; 

a copy iutent element containing copying as the intended use for the primary 
20 and secondary assets; 

a constrain element containing first restriction information hmiting copying 
of the primary and secondary assets; and 

a narrow element containing a second pointer to a secondary XML digital 
rights voucher; 

25 forming the secondary XML digital rights voucher that includes: 

an asset element containing a third primary pointer to the primary digital 
asset and third secondary pointer to the secondary digital asset; 

a protection element containing second protection information on how the 
primary and secondary assets are protected; 
30 a copy intent element containing copying as the intended use for the primary 

and secondary assets; and 

a constrain element contaiiung second restriction information limiting 
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copying of the primary and secondary assets; 

transmitting the primary and the secondary digital rights vouchers to a user's 
wireless device; 

receiving in the wireless device a user request to copy the primary and secondary 

5 assets; 

accessing the primary and secondary assets by means of the first primary pointer and 
first secondary pointer in the asset element of the primary XML digital rights voucher; 

copying the primary and secondary assets in accordance with said first restriction 
information of the primary XML digital rights voucher; 
1 0 accessing the secondary XML digital rights voucher by means of the second pointer 

in the narrow element of the primary XML digital rights voucher; and 

copying the secondary XML digital rights voucher in accordance with said primary 
first information of the primary XML digital rights voucher. 

15 18. A method for controlling the transfer of donnant rights to digital asset in a mobile 
environment comprising: 

storing a digital asset content in a distributing computer in a network; 
storing a voucher in a first device in the network, the voucher including: 
a pointer to the content; 
20 use information specifying the type of use intended for the content; 

restriction information limiting usage of the content; and 
identity information identifying a second device in the network; 
preventing the first device from using the content, in response to the restriction and 
identity information in the voucher; 
25 transferring a new copy of the voucher to the second device in the network; and 

permitting the second device to use the content, in response to the restriction and 
identity information in the voucher. 

19. A method for controlling the transfer of dormant rights to digital asset in a mobile 
3 0 environment comprising: 

storing a digital asset content in a distributing computer in a network; 
storing a voucher in a first device in the network, the voucher including: 
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a pointer to the content; 

use information specifying the type of use intended for the content; 
restriction information limiting usage of the content; 
identity information identifying a second device hi the network; and 
5 clearing house information; 

preventing the first device firom using the content, m response to the restriction and 
identity information in the voucher; 

transferring a new copy of the voucher to the second device in the network; 
permitting the second device to use the content, in response to the restriction and 
1 0 identity information in the voucher; and 

requiring the second device to report is use of the content to a clearinghouse 
computer in the network, in response to the clearing house information in the voucher. 

20. The method of claim 1 9, wherein the clearinghouse information further comprises: 
15 a name of the clearinghouse, its public signature verification key, and a network 

address where the use of the content can be reported. 

21 . A method for deferring payment for a digital asset in a mobile environment 
comprising: 

20 storing a content of a digital asset in a distributing computer in a network; 

registering a buyer device in the network with a clearinghouse computer in the 
network; 

receiving at the buyer device a certificate firom the clearinghouse, the certificate 
including a signature verification key for the buyer device and a charge authorization ticket 
25 which is valid for a specified total purchase amount; 

sending from the buyer device to a seller device in the network, a copy of the 
certificate and an offer indication to pay a price to the seller device for the content; 

verifying by the seller device the authenticity and the validity of the offer indication 
using the certificate; 

30 receiving at the buyer device firom the seller device in the network a voucher 

including: 

a pointer to the content; 
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use infomiation specifying the type of tise intended for the content; and 
restriction information limiting usage of the content; 
allowing the buyer device to use the content, in response to the restriction and use 
information in the voucher; and 
5 sending from the seller device to the clearinghouse, the offer indication by the buyer 

device, to obtain compensation to the seller device for the price of the content. 

22. The method of claim 21, which further comprises: 

sending a bill from the clearinghouse to the buyer device to collect the price. 

10 

23. The method of claim 21, which further comprises: 

deducting by the clearinghouse the price from a prepaid amount previously paid by 
the buyer device. 

1 5 24. The method of claim 21, which further comprises: 

adding by the clearinghouse the price to a debt amount to be paid by the buyer 

device. 

25. The method of claim 21, which further comprises: 

20 providing a bonus from the clearinghouse to the seller device as the compensation. 

26. A method for controlling the transfer of dormant rights to digital asset in a mobile 
environment comprising: 

storing a digital asset content in a distributing computer in a network; 
25 storing a voucher in a first device in the network, the voucher including: 

a pointer to the content; 

use infonnation specifying the type of use intended for the content; 

restriction infonnation limiting usage of the content; 

identity infonnation identifying a second device in the network; and 
30 clearing house information specifying a first clearinghouse; 

the first device being registered with a second clearinghouse; 
preventing the first device from using the content, in response to the clearing house 
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information, because the second clearinghouse does not match with the specification of the 
first clearing house in the voucher; 

transferring a new copy of the voucher to the second device in the network, the 
second device being registered with the first clearinghouse; 
5 permitting the second device to use the content, in response to the clearinghouse 

information, because the first clearin^ouse matches with the specification of the first 
clearinghouse in the voucher; and 

requiring the second device to report is use of the content to the first clearinghouse 
computer in the network, in response to the clearinghouse information in the voucher. 

10 

27. A method for conducting transactions up to a limit, for transferring rights to a digital 
asset in a mobile environment, comprising: 

storing a content of a digital asset in a distributing computer in a network; 
registering a seller device in the network, with a clearinghouse computer in the 
15 network; 

receiving at the seller device a seller's voucher from the clearinghouse, the voucher 
including: 

a pointer to the content; 

use information specifying the type of use intended for the content; 
20 restriction information hmiting usage of the content; and 

transaction information allowing transactions up to a limit for transferring 
rights to the content; 

registering a buyer device in the network, with the clearinghouse computer in the 
network; 

25 receiving at the buyer device a certificate fi-om the clearinghouse, the certificate 

including a signature verification key for the buyer device and a charge authorization ticket 

that is vaUd for a specified total purchase amount; 

sending from the buyer device to the seller device a copy of the certificate and an 

offer indication to pay a price to the seller deAace for the content; 
30 verifying by the seller device the authenticity and the validity of the offer indication 

using the certificate; 

receiving at the buyer device firom the seller device in the network a buyer's voucher 
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including: 

a pointer to the content; 

use information specifying the type of use intended for the content; and 
restriction information hmiting usage of the content; 
5 allowing the buyer device to use the content in response to the restriction and use 

information in the buyer's voucher; 

sending from the seller device to the clearinghouse the offer indication by the buyer 
device to obtain compensation to the seller device for the price of the content; and 

prohibiting the seller from conducting ftirfher transactions beyond the limit in 
1 0 response to the transaction information of the seller's voucher. 

28 . The method of claim 27, wherein the limit is based on the number of sales of the 
content. 

15 29. The method of claim 27, wherein the limit is based on a cumulative monetary value 
of sales of the content. 

30. The method of claim 27, wherein the limit is based on the number of resales of the 
content. 

20 

3 1 . The method of claim 27, wherein the limit is based on an accumulated covtnt of the 
number of sales of the content. 

32. The method of claim 27, wherein the limit is based on a number of preview copies of 
25 tiie content that are distributed. 

33 . A method for transferring rights to a digital asset that includes preview copies that 
convey with the asset in a mobile environment, comprising: 

storing a primary content and a secondary content of a digital asset in a distributing 
3 0 computer in a network; 

registering a seller device in the network vnth a clearinghouse computer in the 
network; 
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receiving at the seller device a seller's primary voucher firom the clearinghouse, the 
seller's primary voucher including: 

a pointer to the primary content; 

use information specifying the type of use intended for the primary content; 
5 restriction information limiting usage of the primary content; 

transaction information allowing transactions up to a primary limit for 
transferring rights to the primary content; and 

a reference to a seller's secondary voucher; 
receiving at the seller device the seller's secondary voucher from the clearinghouse, 
1 0 the seller' s secondary voucher including: 

a pointer to the secondary content; 

use information specifying the type of use intended for the secondary 
content; 

restriction information allowing a preview copy of the content to be 
15 distributed to another user; and 

transaction infomiation allowing transactions up to a secondary limit, for 
transferring a preview copy; 

registering a buyer device in the network with the clearinghouse computer in the 
network; 

20 receiving at the buyer device a certificate from the clearinghouse, the certificate 

including a signature verification key for the buyer device and a charge authorization ticket 

that is vaUd for a specified total purchase amount; 

sending from the buyer device to the seller device a copy of the certificate and an 

offer indication to pay a price to the seller device for the content; 
25 verifying by the seller device the authenticity and the validity of the offer indication 

using the certificate; 

receiving at the buyer device from the seller device in the network, a buyer's primary 
voucher including: 

a pointer to the primary content; 
3 0 use information specifydng the type of use intended for the primary content; 

restriction information limiting usage of the primary content; and 
a reference to a buyer's secondary voucher; 
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receiving at the buyer device the buyer's secondary voucher from the clearinghouse 
the buyer's secondary voucher including: 

a pointer to the secondary content; 

use information specifying the type of use intended for the secondary 
5 content; 

restriction information allowing a preview copy of the content to be 
distributed to another user; and 

transaction information allowing transactions up to a secondary limit for 
transferring a preview copy; 
1 0 allowing the buyer device to use the content in response to the restriction and use 

information in the buyer's primary and secondary vouchers; and 

sending from the seller device to the clearinghouse the offer indication by the buyer 
device to obtain compensation to the seller device for the price of the content. 

34. The method of claim 33, which further comprises: 
prohibiting the seller from conducting ftirther transactions beyond the primary limit 

in response to the transaction information of the seller's primary voucher; 

said prohibiting being enforced by a compliant DRM module operating from within 
a tamper-resistant enclosure in the seller device. 

35 . The method of claim 33, which frurther comprises: 
prohibiting the seller from distributing fiuther preview copies beyond the secondary 

limit in response to the transaction information of the seller's secondary voucher; 

smd prohibiting being enforced by a compHant DRM module operating from within 
a tamper-resistant enclosure in the seller device. 

36. The method of claim 33, which fijrther comprises: 
prohibiting the buyer from conducting ftirther transactions beyond the primary limit 

in response to the transaction information of the buyer's primary voucher; 
30 said proliibiting being enforced by a compliant DRM module operating from within 

a tamper-resistant enclosure in the seller device. 
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37. The method of claim 33, which further comprises: 

prohibiting the buyer from distributing further preview copies beyond the secondary 
limit in response to the transaction information of the buyer's secondary voucher; 

said prohibiting being enforced by a compliant DRM module operating firom within 
5 a tamper-resistant enclosure in the seller device. 

38. The method of claim 33, which further comprises: 

said seller's secondary voucher including a second reference to itself, allowing the 
seller's secondary voucher to create a dupUcate of itself. 

10 

39. A method to control the downloading of digital asset content from a server to protect 
against resource exhaustion in a mobile environment, comprising: 

storing a digital asset content in a distributing computer in a network; 

storing a voucher in a device in the network, the voucher including: 
15 a pointer to the content; 

use information specifying the type of use intended for the content; 

restriction infomiation limiting visage of the content; and 

protection information specifying an ID for the content and an encryption 

key for the content; 

20 forming a download token in the device, using the ID for the content and the 

encryption key for the content; 

sending the download token firom the device to the distributing computer with a 
request to download the content after vahdating the download token; and 

receiving the content at the device, in response to the validation of the download 
25 token at the distributing computer; 

whereby only authorized devices in the network can successfully download the 
content. 

40. The method of claim 39, wherein the download token is a message authentication 
30 code (MAC) based on the encryption key for the content. 



41 . The method of claim 40, wherein the download token further includes a digital 
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signature of the device and a certificate issued by a certifying authority that certifies the 
authenticity of the digital signature of the device. 

42. The method of claim 39, wherein a payment authorization accompanies the 
5 download token sent to the distributing computer. 

43. A method for issuing rights in vouchers from a vouchex server to a wireless device in 
a mobile communication environment, the rights being to protected content of a digital asset 
stored in a content server, comprising: 

1 0 storing a digital asset content in a content server in a network; 

storing a voucher in a voucher server in the network, the voucher having metadata 
including: 

a pointer to the content; 

use information specifying the type of use intended for the content; 
1 5 restriction information limiting usage of the content; and 

protection information specifying a form of protection for the content; 
issuing the voucher from the voucher server to the wireless device; and 
enabling the wireless device to access the content fi*om the content server in response 
to the metadata. 

20 

44. The method of claim 43, wherein the protection information in the voucher includes 
an identity of the wireless device. 

45. The method of claim 43, wherein the voucher has a unique identification. 

25 

46. The method of claim 43, wherein the voucher is delivered to the wireless device 
separately fi'om the content. 

47. The method of claim 43, wherein the pointer in the voucher to the content includes a 
3 0 universal resource locator (URL). 

48. The method of claim 43, wherein the protection information in the voucher includes 
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an identity of the wireless device, the identity including a naiversal resource locator (URL). 

49. The method of claim 43, wherein the protection information in the voucher includes 
an identity of the wireless device, the identity being a message ID. 

5 

50. The method of claim 43, wherein the protection information in the voucher includes 
an identity of the wireless device, the identity being an absolute address path. 

51 . A method for acquiring rights in a wireless device in a mobile communication 

10 environment, JBrom vouchers issued by a voucher server, the rights being to protected content 
of a digital asset stored in a content server, comprising: 

establishing with a wireless device, a connection to a content server in a network 
storing a digital asset content; 

selecting with the wireless device, the content in the content server; 
1 5 requestirig a voucher from a voucher server in the network, for rights to the content, 

the voucher having metadata including: 

a pointer to the content; 

ViSG infomiation specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
20 protection information specifying a form of protection for the content; 

paying with the wireless device, for the rights to the content; 
receiving at the wireless device, the voucher from the voucher server; and 
enabling the wireless device to access the content from the content server in response 
to the metadata in the voucher, 

25 

52. The method of claim 5 1 , which further comprises: 
storing the voucher in the wireless device. 

53 . The method of claim 5 1 , wherein the establishing step further comprises: 

30 establishing with the wireless device, the connection to the content server, using a 

short message service (SMS) of a wireless communications network. 
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54. The method of claim 51, wherein the receiving step further comprises: 

receiving at the wireless device, the voucher jfrom the voucher server, using a short 
message service (SMS) of a wireless communications network. 

5 55. The method of claim 5 1 , which further comprises: 

registering the wireless device with the voucher server; 

entering a request to the wireless device for an additional voucher; and 

acquiring an additional voucher at the wireless device in response to the entering 

step. 

10 

56. The method of claim 55, wherein the entering step is by clicking a mouse-type user 
interface, 

57. The method of claim 55, wherein the additional voucher includes expiration date 
1 5 information in a metadata portion, further comprising: 

displaying the expiration date with the wireless device. 

58. The method of claim 55, wherein the additional voucher includes a last-voucher 
warning in a metadata portion, further comprising: 

20 displaying information about the number vouchers remaining with the wireless 

device. 

59. The method of claim 55, wherein the additional voucher includes a last-voucher 
warning in a metadata portion, ftirther comprising: 

25 displaying title last-voucher warning with the wireless device. 

60. The method of claim 5 1 , wherein the establishing step further comprises: 
establishing with the wireless device the connection to the content server using a 

Multimedia Messaging Service (MMS) of a wireless conmnmications network. 

30 

61 . The method of claim 5 1 , wherein the receiving step further comprises: 
receiving at the wireless device, the voucher firom the voucher server, using a 
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Multimedia Messaging Service (MMS) of a wireless communications network. 

62. The method of claim 5 1 , wherein the estabUshing step further comprises: 
establishing with the wireless device, the connection to the content server, using an 

5 object exchange protocol of a wireless communications network. 

63 . The method of claim 5 1 , wherein the receiving step further comprises: 

receiving at the wireless device, the voucher from the voucher server, using an object 
exchange protocol of a wireless communications network. 

10 

64. A method for super-distribution of rights by a wireless device in a mobile 
commmiication environment, based on vouchers issued by a voucher server, the rights being 
to protected content of a digital asset stored in a content server, comprising: 

establishing with a wireless device, a comiection to a content server in a network 
15 storing a digital asset content; 

selecting with the wireless device, the content in the content server; 
requestiag a JSrst voucher from a voucher server in the network for rights to the 
content the first voucher having metadata including: 

a pointer to the content; 
20 use information specifying the type of use intended for the content; 

restriction information limiting usage of the content; and 
protection information specifying a form of protection for the content; 
receiving at the wireless device the voucher from the voucher server; 
sending from the wireless device to the voucher server a request to super-distribute 
25 the content to a second device, the request including identification of the second device; 

receiving at the wireless device a modified voucher from the voucher server, the 
modified voucher having metadata including: 

a pointer to the content; 

use information specifying the type of use intended for the content; 
30 restriction information hmiting usage of the content; 

protection information specifying a form of protection for the content; and 
the identification of the second device; and 
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sending the modified voucher from the wireless device to the second device to super- 
distribute the content to the second device, the modified voucher enabhng the second device 
to access the content from the content server, in response to the metadata in the modified 
voucher. 



65. The method of claim 64, which fiirther comprises: 
paying with the wireless device, for the rights to the content. 

66. The method of claim 64, which further comprises: 
10 the second device payiag for the rights to the content 

67. A method for enabhng a wireless device in a mobile coimnimication environment to 
obtain rights to protected content of a digital asset stored in a content server, comprising: 

receiving a request for content of a digital asset stored ia a content server in a 
1 5 network, the request being received at a DRM agent in the network from a wireless device in 
a mobile communication envnomnent; 

requesting information about the content, the request being made by the DRM agent 

to a voucher server in the network; 

receiving the information about the content, including consideration information, 
20 received at the DRM agent from the voucher server; 

sending an offer of the consideration from the DRM agent to the wireless device; 
receiving an acceptance of the consideration at the DRM agent from the wireless 

device; 

requesting a voucher for the content, the request being made by the DRM agent to 
25 the voucher server; 

receiving the voucher at the DRM agent from the voucher server, the voucher having 
metadata including: 

a pointer to the content; 

use information specifying the type of use intended for the content; 
30 restriction information limiting usage of the content; and 

transaction information specifying consideration for obtaining rights to the 
content and an identity for the wireless device; and 
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sending the voucher from the DRM agent to the wireless device, to enable the 
wireless device to access the content from the content server, in response to the metadata. 

68. A method for enabling a wireless device in a mobile communication environment to 
5 obtain a right to give to another device, protected content of a digital asset stored in a content 
server, comprising: 

receiving a request for a right to give to a terminal device, content of a digital asset 
stored in a content server in a network, the request being received at a DRM agent in the 
network from a wireless device in a mobile communication environment; 
1 0 requesting information about the right to give the content, the request being made by 

the DRM agent to a voucher server in the network; 

receiving the infomiation about the right to give the content, including consideration 
information, received at the DRM agent from the voucher server; 

sending an offer of the consideration from the DRM agent to the wireless device; 
1 5 receiving an acceptance of the consideration at the DRM agent from the wireless 

device; 

requesting a give voucher for the right to give to the terminal device the content, the 
request being made by the DRM agent to the voucher server; 

receiving the give voucher at the DRM agent from tlie voucher server, the give 
20 voucher having metadata including: 

a pointer to the content; 

use information specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
transaction itiformation specifying consideration for obtaining the right to 
25 give the content and an identity for the terminal device; and 

sending the give voucher from the DRM agent to the wireless device, to enable the 
wireless device to forward the give voucher to the terminal device to enable the terminal 
device to access the content from the content server, in response to the metadata. 



30 



69. 



The method of claim 68, which frirther comprises: 

receivuig the give voucher at the DRM agent from the terminal device; 

transforming the give voucher into a second voucher at the DRM agent, the second 
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voucher having metadata includmg: 

a pointer to the content; 

use information specifying the type of use intended for the content; 
restriction information hmiting usage of the content; and 
5 the identity for the terminal device; and 

sending the second voucher from the DRM agent to the tertninal device to enable the 
terminal device to access the content from the content server in response to the metadata in 
the second voucher. 

70. The method of claim 68, which further comprises: 
receiving the give voucher at a second DRM agent from the terminal device; 
transfomdng the give voucher into a second voucher at the second DRM agent, the 

second voucher having metadata including: 

apoiater to the content; 

use information specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
the identity for the terminal device; and 
sending the second voucher from the second DRM agent to the terminal device to 
enable the terminal device to access the content from the content server, in response to the 
metadata in the second voucher. 

71 . A method for enabling a wireless device in a mobile communication environment to 
obtain rights to protected content of a digital asset stored in a content server, comprising; 

receiving a request for content of a digital asset stored in a content server in a 
25 network, the request being received at a DRM agent in the network from a wireless device in 
a mobile communication environment; 

requesting a voucher for the content, the request being made by the DRM agent to 
the voucher server; 

receiving the voucher at the DRM agent from the voucher server, the voucher having 

3 0 metadata including: 

a pointer to the content; 

use information specifying the type of use intended for the content; 



10 



15 



20 
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restriction information limiting usage of the content; and 
transaction information specifying consideration for obtaining rights to the 
content and an identity for the wireless device; 

sending an offer of the consideration from the DRM agent to the wireless device; 
5 receiving an acceptance of the consideration at the DRM agent from the wireless 

device; and 

sending the voucher from the DRM agent to the wireless device, to enable the 
wireless device to access the content from the content server, in response to the metadata. 

10 72. A system for enabling a wireless device in a mobile communication environment to 
obtain rights to protected content of a digital asset stored in a content server, comprising: 
a content server in a network for storing content of a digital asset; 
a voucher server in the network for registering the content; 

a DRM agent in the network for receiving a request for the content from a wireless 
1 5 device in a mobile commimication environment; 

said DRM agent requesting information about the content from the voucher server; 

said voucher server sending the information about the content including 
consideration information to the DRM agent; 

said DRM agent sending an offer of the consideration to the wireless device; 
20 said wireless device sending an acceptance of the consideration to the DRM agent; 

said DRM agent sending a request for a voucher for the content to the voucher 

server; 

said voucher server sending the voucher to the DRM agent having metadata 
including: 

25 a pointer to the content; 

use information specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
transaction isaformation specifying consideration for obtaiiung rights to the 
content and an identify for the wireless device; and 
30 said DRM agent sending the voucher to the wireless device, to enable the wireless 

device to access the content from the content server, in response to the metadata. 
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73. A computer program product for enabling a wireless device in a mobile 
communication environment to obtain rights to protected content of a digital asset stored in a 
content server, comprising: 

a computer readable medium; 
5 program code in said computer readable medium for receiving a request for content 

of a digital asset stored in a content server in a network, the request being received at a DRM 
agent in the network from a wireless device in a mobile communication environment; 

program code in said computer readable medium for requesting information about 
the content, the request being made by the DRM agent to a voucher server in the network; 
1 0 program code in said computer readable medium for receiving the information about 

the content, including consideration information, received at the DRM agent from the 
voucher server; 

program code in said computer readable medium for sending an offer of the 
consideration from the DRM agent to the wireless device; 
1 5 program code in said computer readable medium for receiving an acceptance of the 

consideration at the DRM agent from the wireless device; 

program code in said computer readable medium for requesting a voucher for the 
content, the request being made by the DRM agent to the voucher server; 

program code in said computer readable medium for receiving the voucher at the 
20 DRM agent from the voucher server, the voucher having metadata including: 

a pointer to the content; 

use information specifying the type of use mtended for the content; 
restriction information limiting usage of the content; and 
transaction information specifying consideration for obtaining rights to the 
25 content and an identity for the wireless device; and 

program code in said computer readable medium for sending the voucher from the 
DRM agent to the wireless device, to enable the wireless device to access the content from 
the content server, in response to the metadata. 



30 



74. A method for distribution of a content item by sharing access to the content item 
comprising: 

encryptiag the content item with a first encryption key; 
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encrypting the first encryption key with at least one second encryption key to create 

at least one encrj^ted first encryption key; 

creating a voucher for expressing usage rights associated with the content item; ■ 
storing said at least one encrypted first encryption key in the voucher; 
5 associating the voucher with the content item, wherein the content item can be 

accessed by a device having at least one decryption key for decrypting at least one of said at 

least one encrypted first encryption key. 

75 . The method of claim 74, wherein the first encryption key is randomly chosoi. 

10 

76. The method of claim 74, wherein said at least one second encryption key is related to 
a device identifier of the device. 

77. The method of claim 74, wherein said at least one second encryption key is related to 
15 a user identifier associated with the device. 

78. The method of claim 74, wherein said at least one second encryption key is related to 
a media identifier canying the content. 

20 79. The method of claim 74, wherein said at least one second encryption key is a public 
key of the device. 

80. The method of claim 74, wherein said at least one second encryption key is a pubUc 
key related to a user of the device. 

25 

8 1 . The method of claim 74, wherein said at least one second encryption key is a public 
key associated with the media carrying the content. 

82. The method of claim 74, wherein the content item is stored on a data carrying media. 

30 

83 . The method of claim 74, wherein the device is a rendering device. 
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84. The method of claim 74, wherein the device is a storing device. 

85. A device for rendering a content item comprising: 

means for encrypting the content item with a first encryption key; 
5 means for encrypting the first encrypting key with at least one second encryption key 

to create at least one encrypted first encryption key; 

means for associating said at least one encrypted first encryption key with the 
content item; 

means for receiving the content item and said at least one encrypted first encryption 

10 key; 

means for storing the content item; 

means for storing said at least one encrypted first encryption key; 

means for storing at least one decryption key for decrypting said at least one 
encrypted first encryption key; 
15 means for decrypting said at least one encrypted first encryption key with said at 

least one decryption key; 

means for decrypting the content item with the decrypted first encryption key; 

means for rendering the decrypted content item, 

20 86. The device of claim 85, flurther comprising: 

means for selecting one of the stored decryption keys. 

87. The device of claim 85, wherein at least one of said at least one second encryption 
key is a pubhc key of the rendering device, and wherein the stored decryption key is a 

25 corresponding private key of the rendering device. 

88. The device of claim 85, wherein said at least one second encryption key is related to 
a device identifier of the rendering device. 



30 89. The device of claim 85, wherein said at least one second encryption key is related to 
a user identifier associated with the rendering device. 
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90. The device of claim 85, wherein said at least one second encryption key is related to 
a media identifier carrying the encrypted content. 

9 1 . The device of claim 85, wherein said at least one encrypted first encryption key is 
5 stored m a voucher associated with the content item. 

92. A device for rendering an encrypted content item comprising: 

means for receiving the encrypted content item and an encryption key associated 
with the encrypted content item; 
1 0 means for storing the encrypted content item; 

means for storing the encryption key associated with the encrypted content item; 

means for storing at least one decryption key for decrypting the encryption key 
associated with the encrypted content item; 

means for decrypting the encryption key associated with the encrypted content item 
1 5 with said at least one decryption key; 

means for decrypting the content item witli said decrypted content encryption key; 

means for rendering the decrypted content. 

93 . The device of claim 92, fiirther comprising: 

20 means for selecting said at least one decryption key. 

94. The device of claim 92, wherein said at least one decryption key includes a 
decryption key relating to a device identifier, a decryption key relating to a user identifier 
associated with the device, a decryption key relating to a media identifier carrying the 

25 content item, a private key associated with the device, a private key associated with the user 
of the device, or a private key associated with the media carrying the encrypted content. 

95 . The device of claim 94, wherein said at least one decryption key are tried in 
sequence for decrypting the encrypted content encryption key. 

30 

96. A system to enable a wireless device in a mobile communication environment, to 
obtain rights to protected content of a digital asset stored in any one of a plurality of content 
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servers, comprising: 

a wireless device having a device ID, sendrag a request to a network for content of a 
digital asset stored in any one of a plurality of content servers in the network, said content 
being encrypted with a content key; 
5 a DRM agent in the network receiving the request and obtaining information about 

the content ftom a voucher server in the network; 

said DRM agent sending an offer of consideration to the wireless device, including 
consideration information obtained from the voucher server; 

said DRM agent receiving an acceptance of the consideration from the wireless 
1 0 device and obtaining a voucher for the content from the voucher server; 

said wireless device receiving the voucher from the DRM agent, which it obtained 
from the voucher sei-ver, the voucher having metadata including: 

a plurality of pointers to the content in the plurality of content servers; 
use information specifying the type of use intended for the content; 
1 5 restriction information limiting usage of the content; and 

transaction information including said content key joined with a reference 
device ID for the wireless device; 

said wireless device recovering said content key if said device ID matches the 
reference device ID in the metadata; and 
20 said wireless device accessing one of said pluraUty of content servers, and decrypting 

said encrypted content with said recovered content key. 

97. The system of claim 96, which further comprises: 

said content key being joined wdth said reference device ID by performing an 
25 exclusive OR operation between said content key and said reference device ID, forming a 
key token; and 

said recovering of said content key being by performing an exclusive OR operation 
between device ID and said key token. 



30 98. The system of claim 96, which further comprises: 

said wireless device also having a user ID; 
the voucher having metadata including: 
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transaction infonnation including said content key joined with a reference 
user ID for the wireless device in addition to said content key joined with said 
reference device ID; 

said wireless device recovering said content key either if said user ID matches the 
5 reference user ID ia the metadata or if said device ID matches the reference device ID in the 
metadata; and 

said wireless device accessing one of said plurality of content servers, and decrypting 
said encrypted content with said recovered content key. 

10 99. A system to enable a v^reless device in a mobile communication environment, to 
obtain rights to protected content of a digital asset stored in any one of a pteality of content 
servers, comprisiag: 

a wireless device having a device ID, sending a request to a network for content of a 
digital asset stored ia any one of a plurality of content servers in the network, 
15 a DRM agent in the network receiving the request and obtaining information about 

the content from a voucher server in the network; 

said DRM agent sending an offer of consideration to the wireless device, including 
consideration infomiation obtained from the voucher server; 

said DRM agent receiving an acceptance of the consideration from the wireless 
20 device and obtaining a voucher for the content from the voucher server; 

said voucher server joining said content key with a reference device ID for the 
wireless device as a first key token, and appending the first key token to the content; 

said wireless device receiving the voucher from the DRM agent, which it obtained 
from the voucher server, the voucher having metadata including: 
25 a plurality of pointers to the content in the plurality of content servers; 

use infomiation specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
transaction information for the wireless device; 
said wireless device accessing one of said pluraUty of content servers in response to 
30 the metadata; 

said wireless device recovering said content key if said device ID matches the 
reference device ID in the first key token; and 
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said wireless device decrypting said encrypted content with said recovered content 

key, 

1 00. The system of claim 99, which further comprises : 

5 said content key being joined with said reference device ID by performing an 

exclusive OR operation between said content key and said reference device ID, fommig said 
first key token; and 

said recovering of said content key being by performing an exclusive OR operation 
between device ID and said first key token. 

10 

101. The system of claim 99, which further comprises: 
said wireless device also having a user ID; 

said voucher server joining said content key with a reference user ID for the wireless 
device as a second key token, and appending the second key token to the content; 
1 5 said wireless device accessing one of said plurality of content servers in response to 

the metadata; 

said wireless device recovering said content key either if said user ID matches the 
reference user ID in the second key token or if said device ID matches the reference device 
ID in the first key token; and 
20 said wireless device decrypting said encrypted content with said recovered content 

key. 

1 02 . The system of claim 99, which further comprises : 
said content also having a media ID; 

25 the voucher having metadata including: 

transaction information including a second key token including said content 
key joined with a reference media ID for the content; 

said wireless device accessing one of said plurality of content servers in response to 
the metadata; 

3 0 said wireless device recovering said content key either if said media ID matches the 

reference media ID in the second key token or if said device ID matches the reference device 
ID in the first key token; and 



wo 03/005145 



122 



PCT/IB02/02591 



said wireless device decrypting said encrypted content with said recovered content 

key. 

103. The system of claim 102, which further comprises: 

5 said content key being joined with said reference device ID by performing an 

exclusive OR operation between said content key and said reference device ID, forming the 
first key token; and 

said recovering of said content key being by performing ati exclusive OR operation 
between device ID and said first key token. 

10 

1 04. The system of claim 103, which fiirther comprises: 

said content key being joined with said reference media ID by performing an 
exclusive OR operation between said content key and said reference media ID, forming the 
second key token; and 

1 5 said recovering of said content key being by performing an exclusive OR operation 

between media ID and said second key token. 

1 05. A system to enable a wireless device in a mobile communication environment, to 
obtain rights to encrypted content of a digital asset stored in any one of a plurality of content 

20 servers, comprising: 

at least one of a plurality of content servers in a network storing content of a digital 
asset encrypted under a content key; 

a wireless device having a pubhc key, sending a request to the network for the 
content, the request including the public key; 
25 a voucher server in the network, forming a key token by encrypting the content key 

with the pubhc key; 

said wireless device receiving a voucher fix>m the voucher server, the voucher having 
metadata including: 

at least one pointer to the content in at least one of tfie plurahty of content 

30 servers; 

use information specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
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transaction information including said key token; 
said wireless device recovering said content key at the wireless device by decrypting 
the key token with the wireless device's private key; 

said wireless device accessing one of said plurality of content servers using said 
5 metadata; and 

said wireless device decrypting said encrypted content with said recovered content 

key. 

106. A system to enable a wireless device in a mobile communication environment, to 
1 0 obtain rights to encrypted content of a digital asset stored in any one of a plurality of content 
servers, comprising: 

at least one of a plurality of content servers in a network storing content of a digital 
asset encrypted under a content key; 

a wireless device having a public key, sending a request to the network for the 
1 5 content, the request including the public key; 

voucher server in the network, forming a key token by encrypting the content key 
with the pubhc key; 

a DRM agent in the network, which forwards the request to the voucher server; 
said wireless device receiving an offer of consideration from the DEM agent, 
20 including consideration information obtained by the DRM agent from the voucher server; 

said wireless device sending an acceptance of the consideration to the DRIVE agent, 
which obtains a voucher for the content from the voucher server; 

said voucher server forming a key token in the voucher by encrypting the content 
key with the pubUc key; 
25 said wireless device receivhig the voucher having metadata including: 

at least one pointer to the content in at least one of the plurality of content 

servers; 

use information specifying the type of use intended for the content; 
restriction mformation limiting usage of the content; and 
3 0 transaction information including said key token; 

said wireless device recovering said content key by decrypting the key token with 
the wireless device's private key; 



wo 03/005145 



124 



PCT/IB02/02591 



said wireless device accessing one of said plurality of content servers using said 
metadata; and 

said wireless device decrypting said encrypted content with said recovered content 

key. 

5 

107. A system to enable a wireless device in a mobile communication environment, to 
obtain rights to encrypted content of a digital asset stored in any one of a plurality of content 
servers, comprising: 

at least one of a plurality of content servers in a network storing content of a digital 
10 asset encrypted under a content key; 

a wireless device having a pubUc key, sending a request to the network for the 
content, the request including the public key; 

voucher server in the network, forming a key token by encrypting the content key 
with the public key; 

15 said voucher server storing the key token with the encrypted content in at least one of 

the plurality of content servers in the network; 

said wireless device receiving a voucher from the voucher server, the voucher having 

metadata including: 

at least one pointer to the content in at least one of the plurality of content 

20 servers; 

use information specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
transaction information; 
said wireless device accessing one of said pluraUty of content servers using said 
25 metadata; 

said wireless device recovering said content key by decrypting the key token with 
the wireless device's private key; and 

said wireless device decrj^ting said encrypted content witli said recovered content 

key. 

30 

108. A system to enable a wireless device in a mobile communication environment, to 
obtain rights to encrypted content of a digital asset stored in any one of a pluraUty of content 
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servers, comprising: 

at least one of a plurality of cxDiitent servers in a network storing content of a digital 
asset encrypted under a content key; 

a wireless device having a public key, sending a request to the network for the 
5 content, the request includiag the public key; 

a DRM agent in the network, which receives the request; 
said wireless device receiving an offer of consideration from the DRM agent, 
iacluding consideration information obtained by the DRM agent from the voucher server; 
said wireless device sending an acceptance of the consideration to the DRM agent, 
10 which obtains a voucher for the content from the voucher server; 

said voucher server forming a key token by encrypting the content key with the 
public key and storing the key token with the encrypted content ia at least one of the 
plurahty of content servers in the network; 

said wireless device receiving the voucher at the wireless device, the voucher having 
1 5 metadata iacluding: 

at least one pointer to the content in at least one of the plurality of content 

servers; 

use information specifying the type of use iutended for the content; 
restriction iufoimation limiting Xisage of the content; and 
20 transaction information; 

said wireless device accessing one of said plurality of content servers using said 
metadata; 

said wireless device recovering said content key by decrypting the key token with 
the wireless device* s private key; and 
25 said wireless device decryptiag said encrypted content with said recovered content 

key. 

1 09. A system to enable a wireless device in a mobile communication envfronment, to 
obtain rights to encrypted content of a digital asset stored in any one of a plurality of content 
30 servers, comprising: 

at least one of a plurality of content servers in a network storing content of a digital 
asset encrypted under a content key; 
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a wireless device having a shared symmetric key, senduig a request to the network 
for the content; 

a voucher server in the network, forming a key token by encrypting the content key 
with the shared symmetric key; 
5 said wireless device receiving a voucher firom the voucher server, the voucher having 

metadata including: 

at least one pointer to the content in at least one of the pluraUty of content 

servers; 

use information specifying the type of use intended for the content; 
1 0 restriction information limiting usage of the content; and 

transaction information iucludiug said key token; 
said wireless device recovering said content key by decrypting the key token with 
the wireless device's shared symmetric key; 

said wireless device accessing one of said plurality of content servers using said 
15 metadata; and 

said wireless device decrypting said encrypted content with said recovered content 

key, 

110. A system to enable a wireless device in a mobile communication environment, to 
20 obtain rights to encrypted content of a digital asset stored iu any one of a plurahty of content 
servers, comprising: 

at least one of a plurality of content servers in. a network storing content of a digital 
asset encrypted under a content key; 

a wireless device having a shared symmetric key, sending a request to the network 
25 for the content; 

a DRM agent in the network, which receives the request; 

said wireless device receiviug an offer of consideration from the DRM agent, 
including consideration information obtained by the DRM agent from a voucher server; 

said wireless device sending an acceptance of the consideration to the DRM agent, 
3 0 which obtains a voucher for the content from the voucher server; 

said voucher server forming a key token in the voucher by encrypting the content 
key with the shared symmetric key; 
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said wireless device receiving the voucher having metadata iricludirig: 

at least one pointer to the content in at least one of the plurality of content 

servers; 

use information specifying the type of use intended for the content; 
5 restriction information lirmtiag usage of the content; and 

transaction information including said key token; 
said wireless device recovering said content key by decrypting the key token with 
the wireless device's shared symmetric key; 

said wireless device accessing one of said plurality of content servers using said 
10 metadata; and 

said wireless device decrypting said encrypted content with said recovered content 

key, 

111. A system to enable a wireless device in a mobile commimication environment, to 
1 5 obtain rights to encrypted content of a digital asset stored in any one of a plurality of content 
servers, comprising: 

at least one of a plurahty of content servers in a network storing content of a digital 
asset encrypted under a content key; 

a wireless device having a shared symmetric key, sending a request to the network 

20 for the content; 

a voucher server forming a key token by encrypting the content key with the shared 

symmetric key; 

said voucher server storing the key token with the encrypted content in at least one of 
the plurality of content servers in the network; 
25 said wireless device receiving a voucher at the wireless device from the voucher 

server, the voucher having metadata including: 

at least one pointer to the content in at least one of the plurahty of content 

servers; 

use information specifying the type of use intended for the content; 
30 restriction infomiation limiting usage of the content; and 

transaction information; 
said wireless device accessing one of said plurality of content servers using said 
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metadata; 

said wireless device recovering said content key by decrypting the key token with 
the wireless device's shared syn^metric key; and 

said wireless device decrypting said encrypted content with said recovered content 

5 key. 

112. A system to enable a wireless device in a mobile communication environment, to 
obtain rights to encrypted content of a digital asset stored in any one of a plurality of content 
servers, comprising: 

10 at least one of a plurality of content servers in a network storing content of a digital 

asset encrypted under a content key; 

a wireless device having a shared symmetric key, sending a request to the network 
for the content; 

a voucher server forming a key token by encrypting the content key with the shared 
1 5 symmetric key; 

said voucher server storing the key token with the encrypted content in at least one of 
the plurality of content servers in the network; 

a DRM agent in the network, which receives the request; 
said wireless device receiving an offer of consideration firom the DRM agent, 
20 including consideration information obtained by the DRM agent firom the voucher server; 

said wireless device sending an acceptance of the consideration to the DRM agent, 
which obtains a voucher for the content firom the voucher server; 

said voucher server forming a key token by encrypting the content key with the 
shared symmetric key and storing the key token with the encrypted content in at least one of 
25 the plurality of content servers in the network; 

said wireless device receiving the voucher having metadata including: 

at least one pointer to the content in at least one of the plurality of content 

servers; 

use information specifying the type of use intended for the content; 
3 0 restriction information limiting usage of the content; and 

transaction information; 
said wireless device accessing one of said plurality of content servers using said 
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metadata; 

said wireless device recovering said content key by decrypting the key token with 
the wireless device's shared symmetric key; and 

said wireless device decrypting said encrypted content with said recovered content 

5 key. 

113. A system to enable a wireless device in a mobile communication environment, to 
obtain rights to encrypted content of a digital asset stored in a tangible medium, comprising: 

a tangible medium having a media ID, storing the encrypted content of the digital 
1 0 asset, said content being encrypted with a content key; 

a wireless device sending a request for the content, the request being sent to a 
network; 



including consideration information obtained by the DRM agent firom the voucher server; 

said wireless device sending an acceptance of the consideration to the DRM agent, 
which obtains a voucher for the content firom the voucher server; 

said voucher server joining the content key with a reference media ID for the 
20 tangible medium as a key token; 

said wireless device receiving the voucher firom the DRM agent, which it obtained 
firom the voucher server, the voucher having metadata including: 



15 



a DRM agent in the network, which receives the request; 
a voucher server in the network; 

said wireless device receiving an offer of consideration firom the DRM agent. 



25 



a plurahty of pointers to the content in the plurality of content servers; 
use information specifying the type of use intended for tiie content; 
restriction infonnation limiting usage of the content; and 



transaction information including the key token; 
said wireless device obtaining the tangible medium; 

said wireless device recovering said content key if said media ID matches the 



reference media ID in the key token; and 



30 



said wireless device decrypting said encrypted content with said recovered content 



key. 
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114. The system of claim 113, which further comprises: 

said content key being joined with said reference media ID by performing an 
exclusive OR operation between said content key and said reference media ID, forming said 
key token; and 

5 said recovering of said content key being by performing an exclusive OR operation 

between the media ID and said key token. 

115. The system of claim 113, wherein the content is transferred on a tangible medium 
such as a CD ROM or a floppy disk. 

10 

116. A method for enabhng a wireless device in a mobile communication environment to 
obtain rights to protected content of a digital asset, the digital asset being downloaded to the 
wireless device firom any one of a plurality of content servers, the digital asset comprising a 
content ID, content encrypted with a content key and information on obtaining rights to the 

1 5 content being expressed in a voucher generated by a voucher server in the network, 
comprising: 

sending a request for a voucher for the said content to a DRM agent, the DRM agent 
being able to communicate with the voucher server and with at least one of a plurality of 
pa3/ment servers designated by the terminal for payment transactions; 
20 receiving an offer of consideration from the DRM agent including consideration 

information obtained by the DRM agent from the voucher server; 

sendiQg an acceptance of the consideration to the DRM agent, which after completed 
payment transactions obtains a voucher for the content from the voucher server; 

receiving tbe voucher from the DRM agent, which it obtained from the voucher 
25 server, the voucher having metadata includiag: 

identification information of the content associated with the voucher; 
use information specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
transaction information including said content key; and 
30 enabling the wireless device to decrypt said encrypted content with said content key. 

117. The method of claim 116, wherein the wireless device includes a device ID and 
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wherein the voucher includes metadata having transaction information including said 
content key joined with a reference device ID for the wireless device, further comprising: 

recovering said content key if said device ID matches Ihe reference device ID in the 
metadata; and 

5 enabling the wireless device to decrypt said encrypted content with the said 

recovered content key. 

118. The method of claim 116, wherein the wireless device includes a user ID and 
wherein the voucher includes metadata having transaction information including said 

1 0 content key joined with a reference user ID for the wireless device, further comprising: 

recovering said content key if said user ID matches the reference user JD in the 
metadata; and 

enabling the wireless device to decrypt said encrypted content with the said 
recovered content key. 

15 

119. A system for enabling a wireless device in a mobile communication environment to 
obtain rights to protected content of a digital asset, the digital asset being downloaded to the 
wireless device from any one of a plurahty of content servers, the digital asset comprising a 
content ID, content encrypted with a content key and information on obtaining rights to the 

20 content being expressed in a voucher generated by a voucher server in the network, 
comprising: 

a memory device; and 

a processor disposed in communication with the memory device, the processor 
configured to: 

25 send a request for a voucher for the said content to a DRM agent, the DRM 

agent being able to communicate with the voucher server and with at least one of a 
plurality of payment servers designated by the terminal for payment transactions; 

receive an offer of considemtion from the DRM agent including 
consideration infomiation obtained by the DRM agent from the voucher server; 

30 send an acceptance of the consideration to the DRM agent, which after 

completed payment transactions obtains a voucher for the content from the voucher 
server; 
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receive the voucher from the DRM agent, which it obtained from the voucher 
server, the voucher having metadata including: 

identification information of the content associated with the voucher; 
use information specifying the type of use intended for the content; 
5 restriction information limiting usage of the content; aad 

transaction uiformation including said content key; aad 
enable the wireless device to decrypt said encrypted content with said content 

key. 

10 1 20 . The system of claim 119, wherein the wireless device iucludes a device ID and 
wherein the voucher includes metadata having traasaction information includiag said 
content key joined with a reference device ID for the wueless device, the processor further 
configured to: 

recover said content key if said device ID matches the reference device ID in the 
15 metadata; and 

enable the wireless device to decrypt said encrypted content with the said recovered 
content key. 

121. The system of claim 119, wherein the wireless device includes a user ID and wherein 
20 the voucher includes metadata having transaction information including said content key 

joined with a reference user ID for the wireless device, the processor is further configured to: 

recover said content key if said user ED matches the reference user ID in the 
metadata; and 

enable the wireless device to decrypt said encrypted content with the said recovered 
25 content key. 

122. A computer program product for enabling a wireless device in a mobile 
communication environment to obtain rights to protected content of a digital asset, the 
digital asset being downloaded to the wireless device from any one of a plurality of content 

30 servers, the digital asset comprising a content ID, content encrypted with a content key and 
information on obtaining rights to the content being expressed in a voucher generated by a 
voucher server in the network, comprising: 
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a computer readable medium; 

program code in said computer readable medium for sending a request for a voucher 
for the said content to a DRM agent, the DRM agent being able to communicate with the 
voucher server and with at least one of a plurality of payment servers designated by the 
5 terminal for payment transactions; 

program code in said computer readable mediimi for receiving an offer of 
consideration from the DRM agent including consideration information obtained by the 
DRM agent from the voucher server; 

program code in said computer readable medium for sending an acceptance of the 
1 0 consideration to the DRM agent, which after completed payment transactions obtains a 
voucher for the content from the voucher server; 

program code in said computer readable medium for receiving tlie voucher from the 
DRM agent, which it obtained from the voucher server, the voucher having metadata 
including: 

1 5 identification information of the content associated with the voucher; 

use infonnation specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
transaction information including said content key; and 
program code in said computer readable medium for enabling the wireless device to 

20 decrypt said encrypted content with said content key. 

1 23 . The computer program product of claim 1 22, wherein the wireless device includes a 
device ID and wherein the voucher includes metadata having transaction information 
including said content key joined with a reference device ID for tlie wireless device, ftirther 

25 comprising: 

program code in said computer readable medium for recovering said content key if 
said device ID matches the reference device ID in the metadata; and 

program code in said computer readable medium for enabling the wireless device to 
decrypt said encrypted content with the said recovered content key. 

30 

124. The computer program product of claim 122, wherein the wireless device includes a 
user ID and wherein the voucher includes metadata having transaction infonnation including 
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said content key joined with, a reference user ID for the wireless device, further comprising: 
program code in said computer readable medium for recovering said content key if 

said user ID matches the reference user ID in the metadata; and 

program code m said computer readable medium for enabhng the wireless device to 
5 decrypt said encrypted content with the said recovered content key. 

125. A method for enabling a wireless device in a mobile communication environment to 
obtain rights to protected content of a digital asset, the digital asset beiag downloaded to the 
wireless device from any one of a plurality of other wireless devices, the digital asset 

1 0 comprising a content ID, content encrypted with a content key and information on obtaining 
rights to the content being expressed in a voucher generated by a voucher server in the 
network, comprising: 

sending a request for a voucher for the said content to a DRM agent, the DRM agent 
being able to comnnmicate with the voucher server and with at least one of a plurality of 
1 5 payment servers designated by the terminal for payment transactions; 

receiving an offer of consideration from the DRM agent including consideration 
information obtained by the DRM agent from the voucher server; 

sending an acceptance of the consideration to the DRM agent, which after completed 
payment transactions obtains a voucher for the content from the voucher server; 
20 receiving the voucher from the DRM agent, which it obtained from the voucher 

server, the voucher having metadata including: 

identification information of the content associated with the voucher; 
use information specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
25 transaction information including said content key; and 

enabling the wireless device to decrypt said encrypted content with said content key. 

126. The method of claim 125, wherein the wireless device includes a device ID and 
wherein the voucher includes metadata having transaction information including said 

30 content key joined with a reference device ID for the wfreless device, further comprising: 

recovering said content key if said device ID matches the reference device ID in the 
metadata; and 
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enabling the wireless device to decrypt said encrypted content with the said 
recovered content key. 

127. The method of claim 125, wherein the wireless device includes a user ID and 
5 wherein the voucher includes metadata having transaction information including said 

content key joined with a reference user ID for the wireless device, further comprising: 
recovering said content key if said user ID matches the reference user ID in the 
metadata; and 

enabling the wireless device to decrypt said encrypted content with the said 
1 0 recovered content key. 

128. A system for enabling a wireless device ia a mobile communication environment to 
obtain rights to protected content of a digital asset, the digital asset being downloaded to the 
wireless device from any one of a plurality of other wireless devices, tlie digital asset 

15 comprising a content ID, content encrypted with a content key and information on obtaining 
rights to the content being expressed in a voucher generated by a voucher server in the 
network, comprising: 

a memory device; and 

a processor disposed in communication with the memory device, the processor 
20 configured to: 

send a request for a voucher for the said content to a DRM agent, the DRM 
agent being able to communicate with the voucher server and with at least one of a 
plurality of payment servers designated by the terminal for payment transactions; 

receive an offer of consideration from the DRM agent including 
25 consideration information obtained by the DRM agent from the voucher server; 

send an acceptance of the considemtion to the DRM agent, which after 
completed payment transactions obtains a voucher for the content fix)m the voucher 
server; 

receive the voucher from the DRM agent, which it obtained from the voucher 
3 0 server, the voucher having metadata including: 

identification information of the content associated with the voucher; 
use information specifying the type of use intended for the content; 
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restriction information limiting usage of the content; and 
transaction information including said content key; and 
enable the wireless device to decr}pt said encrypted content with said content 

key. 

5 

129. The system of claim 128, wherein the wireless device includes a device ID and 
wherein the voucher includes metadata having transaction information including said 
content key joined with a reference device ID for the wireless device, the processor further 
configured to: 

1 0 recover said content key if said device ID matches the reference device ID in the 

metadata; and 

enable the wireless device to decrypt said encrypted content vnth the said recovered 
content key. 

15 130. The system of claim 128, wherein the wireless device includes a user ID and wherein 
the voucher includes metadata having transaction infonnation including said content key 
joined with a reference user ID for the wireless device, the processor further configured to: 

recover said content key if said user ID matches the reference user ID in the 
metadata; and 

20 enable the wireless device to decrypt said encrypted content with the said recovered 

content key. 

131. A computer program product for enabling a wireless device in a mobile 
communication environment to obtain rights to protected content of a digital asset, the 

25 digital asset being downloaded to the wireless device from any one of a plurality of other 
wireless devices, the digital asset comprising a content ID, content encrypted with a content 
key and information on obtaining rights to the content being expressed in a voucher 
generated by a voucher server in the network, comprising: 
a computer readable medium; 

30 program code in said computer readable medium for sending a request for a voucher 

for the said content to a DRM agent, the DRM agent being able to communicate with the 
voucher server and with at least one of a plurality of payment servers designated by the 
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termiiial for payment transactions; 

program code in said computer readable medium for receiving an offer of 
consideration from the DRM agent including consideration information obtained by the 
DRM agent from the voucher server; 
5 program code in said computer readable medium for sending an acceptance of the 

consideration to the DRM agent, which after completed payment transactions obtains a 
voucher for the content from the voucher server; 

program code in said computer readable medium for receiving the voucher from the 
DRM agent, which it obtained from the voucher server, the voucher having metadata 
10 including: 

identification information of the content associated with the voucher; 
use iaformation specifying tlae type of use intended for the content; 
restriction information limiting usage of the content; and 
transaction information including said content key; and 
15 program code in said computer readable medium for enabling the wireless device to 

decrypt said encrypted content with said content key. 

132. The computer program product of claim 131, wherein the wireless device includes a 
device ID and wherein the voucher includes metadata having transaction information 

20 including said content key joined with a reference device ID for the wireless device, frirther 
comprising: 

program code in said computer readable medium for recovering said content key if 
said device ID matches the reference device ID in the metadata; and 

program code in said computer readable medium for enabling the wireless device to 
25 decrypt said encrypted content with the said recovered content key. 

133. The computer program product of claim 131, wherein the wireless device includes a 
user ID and wherein the voucher includes metadata having transaction information including 
said content key joined with a reference user ID for the wireless device, ftirther comprising: 

30 program code in said computer readable medium for recovering said content key if 

said user ID matches the reference user ID in the metadata; and 

program code in said computer readable medium for enabling the wireless device to 
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decrypt said encrypted content with the said recovered content key, 

1 34. A method for creating a digital asset for downloading to a wireless device jfrom one 
of a plurality of content servers in a network, comprising: 

5 storing a piece of digital content at one of the plurality of content servers; 

sending the digital content to a voucher server in the network; 
sending information associated with the content including: 

information specifying the type of use intended for the content; 
information specifying restrictions, which limit usage of the content; 
10 information specifying payment and payment transactions associated to the 

use and restrictions to the use of the content; 

receiving the digital content with the associated information at the voucher server; 
creating at the voucher server a content ID for the content; 

encapsulating the digital content into a protected format by encrypting it witli a key; 
1 5 creating at least one voucher template for the digital content, the voucher template 

having metadata including received infoimation associated with Hie content, the voucher 
template being used for generating a voucher for the content; 

storing at the voucher server the content ID and the created voucher template 
associated with the content; 
20 sending the digital asset comprising content ID, encrypted content, and information 

on the voucher server to one of the pluraUty of content servers; and 
registering the digital asset at the content server. 

135. A system for creating a digital asset for downloading to a wireless device fix)m one 
25 of a pluraUty of content servers in a network, comprising: 

a memory device; and 

a processor disposed in communication with the memory device, the processor 
configured to: 

store a piece of digital content at one of the plurality of content servers; 
30 send the digital content to a voucher server in the network; 

send information associated with the content including: 

information specifying the type of use intended for the content; 
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information specifying restrictions, which limit usage of the content; 

information specifying payment and payment transactions associated 
to the use and restrictions to the use of the content; 
receive the digital content with the associated information at the voucher 

5 server; 

create at the voucher server a content ID for the content; 

encapsulate the digital content into a protected format by encrypting it with a 

key; 

create at least one voucher template for the digital content, the voucher 
1 0 template having metadata including received information associated with the 

content, the voucher template being used for generating a voucher for the content; 

store at the voucher server the content ID and the created voucher template 
associated with the content; 

send the digital asset comprising content ID, encrypted content, and 
1 5 information on the voucher server to one of the plurality of content servers; and 

register the digital asset at the content server. 

1 36. A computer program product for creating a digital asset for downloading to a 
wireless device from one of a plurality of content servers in a network, comprising: 
20 a computer readable medium; 

program code in said computer readable medium for storing a piece of digital 
content at one of the plurality of content servers; 

program code in said computer readable medium for sending the digital content to a 
voucher server in the network; 
25 program code in said computer readable medium for sending information associated 

with the content including: 

information specifying the type of use intended for the content; 
information specifying restrictions, which limit usage of the content; 
information specifying payment and payment transactions associated to the 
30 use and restrictions to the use of the content; 

program code in said computer readable medium for receiving the digital content 
with the associated information at the voucher server; 
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program code in said computer readable medium for creating at the voucher server a 

content ID for the content; 

program code in said computer readable medium for encapsulating the digital 
content into a protected format by encrypting it with a key; 
5 program code ia said computer readable medium for creating at least one voucher 

template for the digital content, the voucher template having metadata racluding received 
information associated with the content, the voucher template bemg used for generating a 
voucher for the content; 

program code in said computer readable medium for storing at the voucher server the 
10 content ID and the created voucher template associated with the content; 

program code rti said computer readable mediiun for sending the digital asset 
comprising content ID, encrypted content, and rnformation on the voucher server to one of 
the plurality of content servers; and 

program code in said computer readable medium for registering the digital asset at 
15 the content server. 

137. A method for generating a voucher at the voucher server comprising: 

receiving a request for a voucher from a DRM agent, the request comprising content 

ID; 

20 sending an offer of consideration to tiie DRM agent, the offer comprising 

information obtained from at least one of voucher templates associated with the requested 
content, the voucher templates bemg stored at the voucher server; 

receiving from the DRM agent acceptance of the consideration; 

generating a voucher corresponding to the acceptance of consideration, the voucher 

25 having metadata including: 

identification information of the content associated with the voucher, 
use information specifying the type of use intended for the content; 
restriction information Hmiting usage of the content; and 
transaction information including said content key; and 

3 0 sending the voucher to the DRM agent. 

138, The method of claim 137, further comprising: 
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teceiving in the request for a voucher identification information comprising at least 
one of the following: 

an ID of a voucher requesting wireless device; 
an ID of a voucher requesting user; and 
5 an ID of the voucher requesting DKM agent; 

associating the generated voucher with received identification information 
comprising at least one of the following: 

an ID of a voucher requesting wireless device; 
an ID of a voucher requesting user; 
10 an ID of the voucher requesting DRM agent; and 

a voucher generating date and time; and 
storing the generated voucher at the voucher server together with the associated 
identification information. 



15 139. A system for generating a voucher at the voucher server comprising: 

a memory device; and 

a processor disposed in communication with the memory device, the processor 
configured to: 

receive a request for a voucher firom a DRM agent, the request comprising 
20 content ID; 

send an offer of consideration to the DRM agent, the offer comprising 
information obtained firom at least one of voucher templates associated with the 
requested content, the voucher templates being stored at the voucher server; 
receive j5:om the DRM agent acceptance of the consideration; 
25 generate a voucher corresponding to the acceptance of consideration, the 

voucher having metadata including: 

identification information of the content associated with the voucher; 
use information specifying the type of use intended for the content; 
restriction information limiting usage of the content; and 
30 transaction information including said content key; and 

send the voucher to the DRM agent. 
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140. The system of claim 139, the processor further configured to: 

receive in the request for a voucher identification information comprising at least one 
of the following: 

an ID of a voucher requesting wireless device; 
5 an ID of a voucher requesting user; and 

an ID of the voucher requesting DRM agent; 
associate the generated voucher with received identification information comprising 
at least one of the following: 

an ID of a voucher requestiag wireless device; 
10 an ID of a voucher requestiag user; 

an ID of the voucher requesting DRM agent; and 
a voucher generatiug date and time; and 
store the generated voucher at the voucher server together with the associated 
identification information, 

15 

14 L A computer program product for generating a voucher at the voucher server 
comprising: 

a computer readable medium; 

program code in said computer readable medium for receiving a request for a 
20 voucher from a DRM agent, the request comprising content ID; 

program code in said computer readable medixnn for sending an offer of 
consideration to the DRM agent, the offer comprising information obtained fi:om at least one 
of voucher templates associated with the requested content, flie voucher templates being 
stored at the voucher server; 
25 program code in said computer readable medium for receiving from the DRM agent 

acceptance of the consideration; 

program code in said computer readable medium for generating a voucher 
corresponding to the acceptance of consideration, the voucher having metadata including: 

identification information of the content associated with the voucher; 
30 use information specifying the type of use intended for the content; 

restriction infoimation limiting usage of the content; and 
transaction information including said content key; and 
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program code in said computer readable medium for sending the voucher to the 
DRM agent. 

1 42. The computer program product of claim 141, further comprising: 
5 program code in said computer readable medium for receiving in the request for a 

voucher identification information comprising at least one of the following: 

an n) of a voucher requesting wireless device; 
an ID of a voucher requesting user; and 
an ID of the voucher requesting DRM agent; 
10 program code in said computer readable medium for associating the generated 

voucher with received identification information comprising at least one of the following: 

an ID of a voucher requesting wireless device; 
an ID of a voucher requesting user; 
an ID of the voucher requesting DRM agent; and 
15 a voucher generating date and time; and 

program code in said computer readable medium for storing the generated voucher at 
the voucher server together with the associated identification information. 
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NOKIA RIGHTS VOUCHER 



310 

META INFORMATION 



312 

VERSION SEGMENT 



314 

ADMINISTRATIVE SEGMENT 



316 
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1 <?xml version="l . 0" encoding="UTF~8 " ?> 

2 <1D0CTYPE rights SYSTEM "C : \MRV1 . 0- subset C . dtd" > 

3 <rights xmlns :xlink="MRVl . 0 . 3 " xmlns= "MRVl . 0 . 3 " > 

4 <version>l . 0 . 3</version> 

5 <admin><uid>ht tp : / /www . media- sampo . com/ ScreenSaverService 

6 </uid> 

7 </admin> 

8 <transaction>TID : 3457345987-6789-9</transaction> 

9 <usage> 

10 <asset> 

11 <uid>mid: tropicalsunset - 345658347@digitals]aop . com 

12 </uid> 

13 < ! --<protection> 

14 content protection would go here 

15 < /protect ion>- -> 

16 </asset> 

17 <asset> 

18 <uid>mid:underwaterdivert . 345658347@digitalshop .com 

19 </uid> 

2 0 < ! --<protection> 

21 content protection would go here 

22 </protection>--> 

23 </asset> 

24 <display></display> 

2 5 <copy><constrain><datetime><end>2 001083 0</end> 

26 </datetime> 

2 7 </constrain> 

2 8 <narrow> 

29 <uid>mid:previewvoucher . 343453344@digitalshop . com 

3 0 </uid> 

31 </narrow> 

32 </copy> 

3 3 <const rainx individual > 

34 <uid>IMEI : 123456789123459</uid> 

3 5 </ individual > 

3 6 </constrain> 

3 7 </usage> 

3 8 < I --<protection> 

39 The integrity would go here 

40 </protection>- -> 

41 </rights> 
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Element 



< I ELEMENT rights (version? , admin? , transaction? , 
usage+, protection?) > 



Attributes 



<IATTLIST rights 

xmlns:xlink CDATA #IMPLIED 
xmlns CDATA #IMPLIED> 



Purpose 



The top-most XML element that starts the 
description of a Mobile Rights Voucher , 



Description 



At the top level declare : 

- Zero or one version elements to indicate the 
Mobile Rights Voucher version number. 

• Zero or one admin elements to specify addresses 
where additional vouchers can be found. 

■ Zero or one transaction information elements 

• One or more usage elements to bind together an 
asset and its usage rights. 

• Zero or one protection elements to serve as an 
integrity check for the voucher. 

The attribute of this element MAY declare the 
namespace for the DTD as "mrvlO". 



Example 



<rights xmlns= "mrvl . 0 . 3 " > 
< /right s> 



ODRL 

compliance 



Additions 
Deletions 



The transaction and protection elements 
The right sholder, name, and remark 
elements . 
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Element 


< i ELEMENT version (#PCDATA) > 


Attributes 


None 


Purpose 


Declares the version number of the specification 
used to define the Mobile Rights Voucher. 


Description 


The element type SHOULD be specified in the Mobile 
Rights Voucher format. If absent, then assumed to 
be "1.0". 


Example 


<version>l . 0 . 0</version> 


ODRL 

compliance 


Does not exist in ODRL. 
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Element 


< I ELEMENT admin (uid+)> 


Attributes 


None 


Purpose 

1 


Identifies Voucher Server references where a 
consumer can retrieve additional Mobile Rights 
Vouchers - 


Description 


The admin element MUST contain one or more uid. 
Each uid SHOULD point to a Voucher Service where 
additional vouchers may be purchased for the 
identified assets- It would be typical that the 
uid would be a uniform resource identifier ("URI") . 


Example 


< admin > 

<uid>http : / /www. media -sampo . com/ringingtoneservice 
</uid> 
</ admin> 


ODRL 

compliance 


Deletions: The party, datetime, issuedate, name, 

and remark elements . 
Modified: uid? -> uid+ 
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Element 


< I ELEMENT uid (# PCDATA ) > 


Attributes 


None 


Purpose 


The uid is a reference to an entity that is located 
outside of the Voucher. This entity can be any 
type of ob j ect . 


Description 


The uid element MUST represent a generic identity 
that references an entity located outside the 
voucher. Such a reference MUST BE a uniform 
resource identifier ("URI") . An entity can be as 
simple as a uniform resource locator ("URL") to a 
Voucher Service (see element admin in Figure 4C) . 


Example 


<uid> 

http : //www.media-sampo . com/ ringingtoneservice 
</uid> 


ODRL 

compliance 


In the ODRL specification an attribute is used to 
capture the idscheme. This is removed and defaults 
to URI. 
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Element 


<1 ELEMENT transaction (#PCDATA) > 


Attributes 


None 


Purpose 


Purchase transaction information SHOULD BE captured 
in this element . 


Description 


The transaction element is a container for meta- 
information for transaction related information 
that might be useful to deliver in the voucher. 
This IS implementation specific. An example could 
be specific payment -transaction information. 


Example 


<transaGtiQn> 
<transaction xmlns="visa-transaction" > 

• mm 

< / transact ion> 
</transaction> 


ODRL 

compliance 


Does not exist in ODRL. 
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Element 


< ! ELEMENT protection (#PCDATA) > 


Attributes 


None 


Purpose 


Contains information about bow an asset or voucher 

d _L. J_ V-^* U.. v_- v-. CvlXXV^A XXV_/W U^XxC Y ^CLJLX Ji^C OL O O w vjL \ ■ • / 

encryption algorithm and decryption keys) - 


Description 


The protection element is a container for meta- 
information for protection related information that 
might be transmitted with the voucher. 


Example 


See the examples in the specification. 


ODRL 

compliance 


Does not exist in ODRL. 
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Element 



<1 ELEMENT usage (assets , print*, display*, play*, 
execute*, copy*, give*, constrain?) > 



Attributes 



None 



Purpose 



Declares the intents and constraints for an asset 



Description 



A usage element MUST contain: 

• One or more asset elements. 

• Zero or more of each intent type (print, 
display, play, execute, copy and give) , 

- Zero or one constrain elements that should be 
applied to each intent - 

NOTE: If there are multiple assets then the 
associated intent elements in a usage element are 
applied equally to all those assets. This is 
required by ODRL. ODRL supports the flexibility of 
being able to declare more than one instance of an 
intent in a usage element . 

NOTE: If there are no intent elements included in a 
usage declaration, then it should be assumed that 
no rights are granted and the asset and content 
should not be made available for rendering or 
distribution by the user. 

NOTE: If no asset elements are declared then an 
implicit reference MUST BE made to the associated 
content ob j ect . 



Example 



See the examples in the specification. 



ODRL 

compliance 



Deletions: The rightsholder , sell, lend, modify, 

annotate, name and remark elements. 
Modified: asset* -> asset+, 

constrain* -> constrain? 

ODRL specifies that the usage element can be linked 
to internally in a ODRL XML file by using xlink. 
This is not supported in the Mobile Rights Voucher. 
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Element 



<! ELEMENT asset (uid* , right sholder* , protection? ) > 



Attributes 



None 



Purpose 



Identifies a unit of content, its rights holder, 
and any protection information. 



Description 



An asset element contains : 

■ Zero or more uid's. An asset MAY reference one 
or more pieces of content. If more than one uid 
element is declared it is expected that the content 
is the same but in different formats. In the 
Mobile Rights Voucher a piece of content is 
considered to be an "asset". The assets are 
external to the NRV and are identified using one or 
more uid's. Multiple assets can be declared using 
multiple asset elements. If no uid is specified 
then the asset is implicitly referenced and is 
transported with the voucher (e.g., MIME) . This is 
useful when trying to keep the voucher short such 
as when transmitting over SMS transport . 

• The rightsholder element specifies the holder of 
the rights for the asset - 

■ The protection element associates a protection 
instrument (e.g., a decryption key) with the asset . 



Example 



<asset> 

< ui d >mi d : dona 1 dduck2 3457893457a77@2 ndhe ad - com 
</uid> 

<rightsholder> 

<uid>http : / / www . media- sampo , Gom< /uid> 
< / right sholder> 

</ asset> 



ODRL 

compliance 



Deletions : The name and remark elements . 

The Mobile Rights Voucher does not support an asset 
being linked to internally in an ODRL XML file 
using xl xnk • 

The Mobile Rights Voucher associates the 
rightsholder element with the asset element, not 
the usage element as specified in ODRL. 
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Element 


<1 ELEMENT rightsholder (uid) > 


Attributes 


None 


Purpose 


A reference to information about the holder of the 
rights to the asset - 


Description 


An informational element that MAY be required by- 
law. 


Example 


<rightsholder> 

<uid>http : / /www. media -sampo. com</uid> 
</ right sholder> 


ODRL 

compliance 


Does not exist in ODRL. 
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Element 


<1 ELEMENT print (constrain* ) > 


Attributes 


None 


Purpose 


Indicates that the usage for the associated asset 
supports the print intent . 


Description 


Contains zero or more constrain elements- If zero 
and there is no constrain element in the usage 
element, then there is no restriction on the use of 
the specified assets for the intention of printing . 
If there is a constrain element then the use of the 
specified assets is restricted. 

ODRL specifies an ability to declaire more than one 
instance of a constrain element in a print element - 
To conform with the ODRL, the Mobile Rights Voucher 
supports this ability. 


Example 


<print> 
<constrain> 
<datetime> 
<start>2 0011705</start> 
<end>2 0011706</end> 
</ datetime> 
< /constrain> 
< /print > 


ODRLi 

compliance 


Deletions: The name and remark elements. 
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Element 


<!ELEMENT display (constrain*) > 


Attributes 


None 


Purpose 


Indicates that the usage for the associated asset 
supports the display intent. 


Descr ipt ion 


Contains zero or more constrain elements. If zero 
and. tnere is no constrain element m tne usage 
element, then there is no restriction on the use of 
the specified assets for the intention of 
displaying. If there is a constrain element then 
the use of the specified assets is restricted. 

ODRL specifies an ability to declare more than one 
instance of a constrain element in a display 
element. To conform with the ODRL, the Mobile 
Rights Voucher supports this ability. 


Exampl e 


<display> 
<Gonstrain> 
<datetime> 
<start>2 0 0117 05</start> 
<end>20011706</end> 
</datetime> 
</constrain> 
</display> 


ODRL 

compliance 


Deletions: The name and remark elements. 
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Element 


<1ELEMENT play (constrain*) > 


Attributes 


None 


Purpose 


Indicates that the usage for the associated asset 
supports the play intent. 


Description 


Contains zero or more constrain elements. If zero 
and there is no constrain element in the usage 
element, then there is no restriction on the use of 
the specified assets for the intention of playing. 
If there is a constrain element then the use of the 
specified assets is restricted. 

ODRL specifies an ability to declare more than one 
instance of a constrain element in a play element. 
To conform with the ODRL, the Mobile Rights Voucher 
supports this ability. 


Example 


<print> 
<constrain> 
<datetime> 
<start>2 0011705</start> 
<end>2001170 6</end> 
</datetime> 
</ constrain> 
< /print > 


ODRL 

compliance 


Deletions: The name and remark elements. 



I 
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Element 


< 1 ELEMENT execute (constrain*) > 


Attributes 


None 


Purpose 


Indicates that the usage for the associated asset 
supports the execute intent. 


Description 


Contains zero or more constrain elements. If zero 
and there is no constrain element in the usage 
element, then there is no restriction on the use of 
the specified assets for the intention of 
executing. If there is a constrain element then 
the use of the specified assets is restricted. 

ODRIj specifies an ability to declare more than one 
instance of a constrain element in an execute 
element. To conform with the ODRL, the Mobile 
Rights Voucher supports this ability. 


Example 


<execute> 
<constrain> 
<datetime> 
<start>2 0011705</start> 
<end>2 001170 6</end> 
< / datetime> 
</ constrain> 
< /execute > 


ODRL 

compliance 


Deletions: The name and remark elements. 



wo 03/005145 



PCT/IB02/02591 



Figure 4N 



18/40 



Element 



< I ELEMENT copy (constrain* , narrow+) > 



Attributes 



None 



Purpose 



Indicates that the usage for the associated asset 
supports the copy intent . 



Description 



Contains zero or more constrain elements. If zero 
and there is no constrain element in the usage 
element, then there is no restriction on the use of 
the specified assets for the intention of copying. 
If there is a constrain element then the use of the 
specified assets is restricted. 

When a copy intent is invoked the: a) specified 
assets at the usage level are duplicated; b) 
vouchers in the narrow elements are duplicated; c) 
duplicate assets and vouchers should be distributed 
to the specified receiver. It is an implementation 
recommendation that the vouchers listed in narrow 
should be local . 

The Mobile Rights Voucher does not support partial 
copy. Invoking a copy intent results in a new 
voucher instance that contains all of the rights. 

ODRLi specifies an ability to declare more than one . 
instance of a constrain element in a copy element . 
To conform with the ODRL, the Mobile Rights Voucher 
supports this ability. 



Example 



<copy> 
<constrain> 
<datetime>< start >2 00 117 05</start> 

<end>2 0 0117 0 6 </end> 
</datetime> 
</ constrain> 
<narrow> 

<uid>mid : RTvoucher2 3457893457a7 7@2ndhead . com 
</uid> 
</narrow> 
</copy> 



ODRIj 

compl iance 



Additions: The narrow element. 

Deletions : The name and remark elements 
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Element 



<! ELEMENT give (constrain*^ narrow+) > 



Attributes 



None 



Purpose 



Indicates that the usage for the associated asset 
supports the give intent. 



Description 



Contains zero or more constrain elements. If zero 
and there is no constrain element in the usage 
element, then there is no restriction on the use of 
the specified assets for the intention of giving. 
If there is a constrain element then the use of the 
specified assets is restricted. 

When a give intent is invoked the: a) specified 
assets at the usage level are duplicated; b) 
vouchers in the narrow elements are duplicated; c) 
a new voucher with no usage rights for the assets 
MUST BE delivered to the "giver"; d) duplicate 
assets and vouchers should be distributed to the 
receiver . 

ODRLi specifies an ability to declare more than one 
instance of a constrain element in a give element . 
To conform with the ODRL, the Mobile Rights Voucher 
supports this ability. 



Example 



<give> 
<constrain> 
<datetime><start>20 011705</ start > 

<end>2 0011706</end> 
</datetime> 
</constrain> 
<narrow> 

<uid>mid : RTvoucher2 3457893457a7 7®2ndhead . com 

</uid> 
</narrow> 
</give> 



ODRL 

compliance 



Additions: The narrow element. 
Deletions: The name and remark elements. 
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Element 



< I ELEMENT narrow (uid*)> 



Attributes 



None 



Purpose 



Specifies a list of vouchers that can be duplicated 
or given away. 



Description 



Contains a list of uid*s that refer to one or more 
vouchers . 

NOTE: When the narrow is used in a give or a copy 
element the vouchers that the narrow element 
references SHOULD have the same list of assets as 
the current voucher. If a narrow element 
references its own voucher (i.e., a self 
reference) , it is recommended that the voucher only 
contains one usage. Thus^ rights for non-copied 
assets are not distributed unintentionally because 
after a copy or a give it is not recommended that 
copied vouchers contain rights for additional 
assets not under the control of the give or copy 
intent . 



Example 



<give> 
<narrow> 

<uid>mid : vouGher237 62 83 7@city - f i</uid> 
<narrow> 
</give> 



ODRL 

compliance 



The ODRL specification has an unclear meaning for 
the narrow element, therefore, the Mobile Rights 
Voucher definition overrides the ODRL definition. 
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Element 



<JELEMENT constrain (datetime*, count*, 
individual*) > 



Attributes 



None 



Purpose 



Constrains the usage of tlie enclosing intent 
element . 



Description 



Restricts the invocation of the enclosing intent 
element . 

It is possible to specify: 

• A count element limits the number of times an 
asset can be used. 

• A datetime element limits the usage to a 
specific period of time. 

■ An individual element limits the usage to. a 
specific "user", but the "user" may be a person or 
a device (e.g., a playing device) . 

ODRL specifies an ability to declare more than one 
instance of a constrain element - To conform with 
the ODRL, the Mobile Rights Voucher supports this 
ability. 



Example 



<display> 

<constrain> 
<count>5< /count > 

< /const rain> 
< /di splay > 



ODRIi 

compliance 



Deletions: All elements are removed except for 

datetime, count, and individual. 
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Element 


<i ELEMENT count (#PCDATA) > 


Attributes 


None 


Puirpose 


Specifies a metered usage for the associated asset 
xn terms or a count . 


Description 


The count element is intended to restrict the 
number of times an intent element can be invoked on 
an associated asset. 


Example 


<displaY> 
<constrain> 

<count >5</ count > 
</ const rain> 

</display> 


ODRli 

compliance 


An attribute in the ODRL specification is used to 
capture the start and end data. This is moved into 
an additional element in the Mobile Rights Voucher 
for terseness of expression. 
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Element 


< I ELEMENT start (# PCDATA) > 


Attributes 


None 


Purpose 


Specifies a start value for a datetime element . 


Description 


The values of the start element depend upon the 
implementation system. It is up to the 

implementing system to ensure that the values for 

start and end are valid. 


Example 


<datetime> 
<start>20011705</ start> 
<end>2 0 011706</end> 

</datetime> 


ODRL 

compliance 


An attribute in the ODRL specification is used to 
capture the start and end data. This is moved into 
an additional element in the Mobile Rights Voucher 
for terseness of expression. 
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Element 


<i ELEMENT end (# PCDATA) > 


Attributes 


None 


Purpose 


Specifies an end value for a datetime element. 


Description 


The values of the end element depend upon the 
implementation system. It is up to the 

implementincr svstem to ensure that the values for 

Start and end are valid. 


Example 


<datetime> 
< start >2 00117 05</start> 
<end>20 011706</end> 

</datetime> 


ODRIj 

compliance 


An attribute in the ODRIi specification is used to 
capture the start and end data. This is moved into 
an additional element in the Mobile Rights Voucher 
for terseness of expression. 
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Element 


< 'ELEMENT datetime (start?, end?)> 


Attributes 


None 


Purpose 


Specifies a metered usage of the specified assets 
in terms of a time period. 


Description 


Restricts the period of time an intent element can 
be invoked on an associated asset. It is up to the 
implementing system to ensure that the specified 
values are logically correct and that there is 
programmatic logic to implement the count. It is 
recommended that UTC time is used. 


Example 


<give> 
<constrain> 
<datet ime> 
<start>2 0 0117 05</start> 
<end>2 0 01170 6 </end> 
</datetime> 
</constrain> 
</give> 


ODRIi 

compliance 


An attribute in the ODRL specification is used to 
capture the start and end data. This is moved into 
an additional element in the Mobile Rights Voucher 
for terseness of expression. 
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Element 


< 1 ELEMENT i ndi vi dual ( ui d+ ) > 


Attributes 


None 


Purpose 


Binds the enclosing asset to the declared entity- 


Description 


Identifies one or more entities that are bound to 
the ericlosing asset. An entity could be an IMEI 
code for a phone, an Ethernet address for a local 
NIC, a device ID, or a WIM certificate- The name 
"individual" is more restrictive than the actual 
intended usaqe • It actually refers to any bindina 
information that binds the use of a voucher with a 
the holder of that information. 


Example 


<give> 
<constrain> 
< i ndi vi dua 1 > 

<uid>IMEI : 350903301387634</uid> 
</ individual > 
</ constrain> 
</give> 


ODRL 

compliance 


Deletions: The name and remark elements. 
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1 <?xml version="l . 0" encoding="UTF-8" ?> 

2 <!-- This DTD defines a subset of a Mobile Digital Rights 

3 Management (DRM) Voucher DTD. This DTD is to be identified 

4 by the URI string "MRVl.0.1" (Mobile Rights Voucher, Release 

5 1, Revision 0, Subset A) . 

6 <i ELEMENT rights (admin?, usage) > 

7 <IATTLIST rights 

8 xmlnsixlink CDATA #IMPLIED 

9 xmlns CDATA #IMPLIED> 

10 <IELEMENT admin (uid) > 

11 <1ELEMENT usage (asset) > 

12 <! ELEMENT asset (uid?) > 

13 < I ELEMENT uid (#PCDATA) > 
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1 <?xnil version="l . 0" encoding="UTF-8 " ?> 

2 <!-- This DTD defines a subset of a Mobile Digital Rights 

3 Management (DRM) Voucher DTD. This DTD is to be identified 

4 by the URI string "MRVl.0.2" (Mobile Rights Voucher, Release 

5 1, Revision 0, Subset B) . 

6 <! ELEMENT rights (version?, admin?, transaction?, usage+) > 

7 <!ATTLIST rights 

8 xmlns:xlink CDATA #IMPLIED 

9 xmlns CDATA #IMPLIED> 

10 <!ELEMENT version (#PCDATA) > 

11 <! ELEMENT admin (uid) > 

12 <i ELEMENT uid (# PCDATA ) > 

13 < I ELEMENT transaction (# PCDATA) > 

14 <1 ELEMENT usage (asset, display?, 

15 <! ELEMENT asset (uid*) > 

16 <1 ELEMENT display (constrain?) > 

17 <IELEMENT play (constrain?) > 

18 <i ELEMENT execute (constrain?) > 

19 <! ELEMENT copy (constrain? ) > 

20 <1ELEMENT constrain (count?, datetime?) > 

21 < 1 ELEMENT count ( # PCDATA ) > 

22 <!ELEMENT datetime (start?, end?)> 

23 < I ELEMENT Start (# PCDATA ) > 

24 < I ELEMENT end (# PCDATA ) > 



play? , execute? , copy? ) > 
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1 

2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
29 
30 
31 



<?xml version="l . 0 " encoding="UTF'- 8 " ?> 

<!-- This DTD defines a subset of a Mobile Digital Rights 
Management (DRM) Voucher DTD. This DTD is to be identified 
by the URl string "MRVl.0-3" (Mobile Rights Voucher, Release 
1, Revision 0, Subset C) - --> 

<1ELEMENT rights (version?, admin?, transaction?, usage+, 
protection?) > 
<lATTIiIST rights 

xmlnsrxlink CDATA #IMPLIED 

xmlns CDATA #IMPLIED> 

< I ELEMENT version (# PCDATA ) > 
<i ELEMENT admin (uid+) > 

< 1 ELEMENT uid (#PCDATA) > 

<1 ELEMENT transaction (#PCDATA) > 
<1ELEMENT protection (# PCDATA) > 

< 'ELEMENT usage (asset + / print*, display*, play*, execute*, 

copy* , constrain?) > 

<i ELEMENT asset (uid*, right sholder* , protection?) > 

<1 ELEMENT rightsholder (uid) > 

< I ELEMENT print (constrain? ) > 

<1ELEMENT display (constrain?) > 

<IELEMENT play (constrain? ) > 

<i ELEMENT execute (constrain?) > 

< I ELEMENT copy (constrain?, narrow+) > 

<i ELEMENT narrow (uid*)> 

<IELEMENT constrain (datetime?, count?, individual*) > 



< 
< 
< 
< 
< 



ELEMENT datetime (start?, end?)> 

ELEMENT start (#PCDATA) > 

ELEMENT end (# PCDATA) > 

ELEMENT count (#PCDATA) > 

ELEMENT individual (uid+)> 
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1 <?xml version="l . 0" encoding="UTF-8 " ?> 

2 <l-- Tliis DTD defines a Mobile Digital Rights Management 

3 (DRM) Voucher DTD, This DTD defines a common format for 

4 representing a container for multimedia digital rights. This 

5 DTD is to be identified by the URI string "MRVl.O" (Mobile 

6 Rights Voucher, Release 1.0). 

7 <1 ELEMENT rights (version?, admin?, transaction?, usage+, 

8 protection?) > 

9 <iATTLIST rights 

10 xmlns:xlink CDATA ftlMPLIED 

11 xmlns CDATA #IMPLIED> 

12 <1 ELEMENT version (#PCDATA) > 

13 < I ELEMENT admin (uid+) > 

14 < 1 ELEMENT uid (# PCDATA ) > 

15 < I ELEMENT transaction (# PCDATA ) > 

16 <1 ELEMENT protection (#PCDATA) > 

17 <1 ELEMENT usage (asset+, print*, display*, play*, execute*, 

18 copy*, give*, constrain? )> 

19 <!ELEMENT asset (uid*, right sholder* , protection?) > 

20 <IELEMENT rightsholder (uid) > 

21 <!ELEMENT print (constrain*) > 

22 <1 ELEMENT display (constrain*) > 

23 <! ELEMENT play (constrain* ) > 

24 <1ELEMENT execute (constrain*) > 

25 <i ELEMENT copy (constrain*, narrows) > 

26 < I ELEMENT give (constrain*, narrow+) > 

27 < I ELEMENT narrow (uid*)> 

28 <1 ELEMENT constrain (datetime*, count*, individual*) > 

29 <!ELEMENT datetime (start?, end?)> 

30 < I ELEMENT Start (# PCDATA ) > 

31 < 1 ELEMENT end ( # PCDATA ) > 

32 <i ELEMENT count (# PCDATA ) > 

33 <i ELEMENT individual (uid+) > 
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